Merge pull request #5786 from erik-krogh/anser

Approved by esbena
2026-04-28 02:05:14 +02:00 · 2021-04-27 14:40:48 -07:00
parent 0f141edbc3 9178f4b1c5
commit 2b9fb79b1d
5 changed files with 61 additions and 0 deletions
--- a/javascript/ql/src/javascript.qll
+++ b/javascript/ql/src/javascript.qll
@@ -68,6 +68,7 @@ import semmle.javascript.dataflow.TaintTracking
 import semmle.javascript.dataflow.TypeInference
 import semmle.javascript.frameworks.Angular2
 import semmle.javascript.frameworks.AngularJS
+import semmle.javascript.frameworks.Anser
 import semmle.javascript.frameworks.AsyncPackage
 import semmle.javascript.frameworks.AWS
 import semmle.javascript.frameworks.Azure
--- a/javascript/ql/src/semmle/javascript/frameworks/Anser.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Anser.qll
@@ -0,0 +1,31 @@
+/**
+ * Provides classes for working with applications using [anser](https://www.npmjs.com/package/anser).
+ */
+
+import javascript
+
+/**
+ * A taint step for the [anser](https://www.npmjs.com/package/anser) library.
+ */
+private class AnserTaintStep extends TaintTracking::SharedTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(API::CallNode call |
+      call =
+        API::moduleImport("anser")
+            .getMember(["linkify", "ansiToHtml", "ansiToText", "ansiToJson"])
+            .getACall()
+      or
+      call =
+        API::moduleImport("anser")
+            .getInstance()
+            .getMember([
+                "linkify", "ansiToHtml", "ansiToText", "ansiToJson", "process", "processChunkJson",
+                "processChunk"
+              ])
+            .getACall()
+    |
+      succ = call and
+      pred = call.getArgument(0)
+    )
+  }
+}