hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Handle global variable d3

Browse Source
This commit is contained in:
Asger Feldthaus
2021-03-11 16:17:27 +00:00
parent 3b11958e33
commit 2f3a76c43b
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/semmle/javascript/frameworks/D3.qll
View File

@@ -5,6 +5,17 @@ private import semmle.javascript.security.dataflow.Xss
/** Provides classes and predicates modelling aspects of the `d3` library. */
module D3 {
/** The global variable `d3` as an entry point for API graphs. */
private class D3GlobalEntry extends API::EntryPoint {
D3GlobalEntry() { this = "D3GlobalEntry" }
override DataFlow::SourceNode getAUse() {
result = DataFlow::globalVarRef("d3")
}
override DataFlow::Node getARhs() { none() }
}
/** Gets an API node referring to the `d3` module. */
API::Node d3() {
result = API::moduleImport("d3")
@@ -13,6 +24,8 @@ module D3 {
result = API::moduleImport(any(string s | s.regexpMatch("@.*/d3(-\\w+)?")))
or
result = API::moduleImport("d3-node").getInstance().getMember("d3")
or
result = API::root().getASuccessor(any(D3GlobalEntry i))
}
/**