mirror of
https://github.com/github/codeql.git
synced 2026-05-01 03:35:13 +02:00
use more set literals
This commit is contained in:
Erik Krogh Kristensen
@@ -176,18 +176,13 @@ module DOM {
|
||||
eltName = ["script", "iframe", "embed", "video", "audio", "source", "track"] and
|
||||
attrName = "src"
|
||||
or
|
||||
(
|
||||
eltName = "link" or
|
||||
eltName = "a" or
|
||||
eltName = "base" or
|
||||
eltName = "area"
|
||||
) and
|
||||
eltName = ["link", "a", "base", "area"] and
|
||||
attrName = "href"
|
||||
or
|
||||
eltName = "form" and
|
||||
attrName = "action"
|
||||
or
|
||||
(eltName = "input" or eltName = "button") and
|
||||
eltName = ["input", "button"] and
|
||||
attrName = "formaction"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -47,12 +47,7 @@ private DataFlow::SourceNode localDollar() {
|
||||
*/
|
||||
private class ExtendCallWithFlag extends ExtendCall {
|
||||
ExtendCallWithFlag() {
|
||||
exists(string name | this = DataFlow::moduleImport(name).getACall() |
|
||||
name = "extend" or
|
||||
name = "extend2" or
|
||||
name = "just-extend" or
|
||||
name = "node.extend"
|
||||
)
|
||||
this = DataFlow::moduleImport(["extend", "extend2", "just-extend", "node.extend"]).getACall()
|
||||
or
|
||||
this = localDollar().getAMemberCall("extend")
|
||||
}
|
||||
|
||||
@@ -157,9 +157,7 @@ class ResolvedES2015PromiseDefinition extends ResolvedPromiseDefinition {
|
||||
*/
|
||||
class AggregateES2015PromiseDefinition extends PromiseCreationCall {
|
||||
AggregateES2015PromiseDefinition() {
|
||||
exists(string m | m = "all" or m = "race" or m = "any" or m = "allSettled" |
|
||||
this = getAPromiseObject().getAMemberCall(m)
|
||||
)
|
||||
this = getAPromiseObject().getAMemberCall(["all", "race", "any", "allSettled"])
|
||||
or
|
||||
this = DataFlow::moduleImport("promise.allsettled").getACall()
|
||||
}
|
||||
@@ -654,10 +652,7 @@ private module ClosurePromise {
|
||||
succ = call and
|
||||
pred = call.getAnArgument()
|
||||
|
|
||||
name = "all" or
|
||||
name = "allSettled" or
|
||||
name = "firstFulfilled" or
|
||||
name = "race"
|
||||
name = ["all", "allSettled", "firstFulfilled", "race"]
|
||||
)
|
||||
or
|
||||
// promise created through goog.promise.withResolver()
|
||||
|
||||
@@ -694,15 +694,13 @@ module TaintTracking {
|
||||
)
|
||||
or
|
||||
// `(encode|decode)URI(Component)?` propagate taint
|
||||
exists(DataFlow::CallNode c, string name |
|
||||
exists(DataFlow::CallNode c |
|
||||
succ = c and
|
||||
c = DataFlow::globalVarRef(name).getACall() and
|
||||
c =
|
||||
DataFlow::globalVarRef([
|
||||
"encodeURI", "decodeURI", "encodeURIComponent", "decodeURIComponent"
|
||||
]).getACall() and
|
||||
pred = c.getArgument(0)
|
||||
|
|
||||
name = "encodeURI" or
|
||||
name = "decodeURI" or
|
||||
name = "encodeURIComponent" or
|
||||
name = "decodeURIComponent"
|
||||
)
|
||||
or
|
||||
// In and out of .replace callbacks
|
||||
|
||||
@@ -64,10 +64,10 @@ module Cheerio {
|
||||
call = cheerioObjectRef().getAMethodCall(name) and
|
||||
result = call
|
||||
|
|
||||
if name = "attr" or name = "data" or name = "prop" or name = "css"
|
||||
if name = ["attr", "data", "prop", "css"]
|
||||
then call.getNumArgument() = 2
|
||||
else
|
||||
if name = "val" or name = "html" or name = "text"
|
||||
if name = ["val", "html", "text"]
|
||||
then call.getNumArgument() = 1
|
||||
else (
|
||||
name != "toString" and
|
||||
|
||||
@@ -17,10 +17,11 @@ module ConnectExpressShared {
|
||||
*/
|
||||
private class RouteHandlerSignature extends string {
|
||||
RouteHandlerSignature() {
|
||||
this = "request,response" or
|
||||
this = "request,response,next" or
|
||||
this = "request,response,next,parameter" or
|
||||
this = "error,request,response,next"
|
||||
this =
|
||||
[
|
||||
"request,response", "request,response,next", "request,response,next,parameter",
|
||||
"error,request,response,next"
|
||||
]
|
||||
}
|
||||
|
||||
/** Gets the index of the parameter corresonding to the given `kind`, if any. */
|
||||
|
||||
@@ -159,7 +159,7 @@ private module FStream {
|
||||
or
|
||||
readOrWrite = "Writer" and writer = true
|
||||
) and
|
||||
(subMod = "File" or subMod = "Dir" or subMod = "Link" or subMod = "Proxy")
|
||||
subMod = ["File", "Dir", "Link", "Proxy"]
|
||||
|
|
||||
result = mod.getAPropertyRead(readOrWrite) or
|
||||
result = mod.getAPropertyRead(readOrWrite).getAPropertyRead(subMod) or
|
||||
|
||||
@@ -485,10 +485,7 @@ private module Mongoose {
|
||||
* Holds if Document method `name` returns a Document.
|
||||
*/
|
||||
predicate returnsDocument(string name) {
|
||||
name = "depopulate" or
|
||||
name = "init" or
|
||||
name = "populate" or
|
||||
name = "overwrite"
|
||||
name = ["depopulate", "init", "populate", "overwrite"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -548,12 +548,7 @@ module NodeJSLib {
|
||||
|
||||
/** A file system read. */
|
||||
private class NodeJSFileSystemAccessRead extends FileSystemReadAccess, NodeJSFileSystemAccess {
|
||||
NodeJSFileSystemAccessRead() {
|
||||
methodName = "read" or
|
||||
methodName = "readSync" or
|
||||
methodName = "readFile" or
|
||||
methodName = "readFileSync"
|
||||
}
|
||||
NodeJSFileSystemAccessRead() { methodName = ["read", "readSync", "readFile", "readFileSync"] }
|
||||
|
||||
override DataFlow::Node getADataNode() {
|
||||
if methodName.matches("%Sync")
|
||||
|
||||
@@ -55,20 +55,10 @@ module PkgCloud {
|
||||
*/
|
||||
|
||||
kind = "user name" and
|
||||
(
|
||||
propertyName = "account" or
|
||||
propertyName = "keyId" or
|
||||
propertyName = "storageAccount" or
|
||||
propertyName = "username"
|
||||
)
|
||||
propertyName = ["account", "keyId", "storageAccount", "username"]
|
||||
or
|
||||
kind = "password" and
|
||||
(
|
||||
propertyName = "key" or
|
||||
propertyName = "apiKey" or
|
||||
propertyName = "storageAccessKey" or
|
||||
propertyName = "password"
|
||||
)
|
||||
propertyName = ["key", "apiKey", "storageAccessKey", "password"]
|
||||
or
|
||||
kind = "token" and
|
||||
propertyName = "token"
|
||||
|
||||
@@ -106,16 +106,11 @@ module Restify {
|
||||
methodName = "getPath"
|
||||
)
|
||||
or
|
||||
exists(string methodName |
|
||||
// `request.getContentType()`, `request.userAgent()`, `request.trailer(...)`, `request.header(...)`
|
||||
kind = "header" and
|
||||
this.asExpr().(MethodCallExpr).calls(request, methodName)
|
||||
|
|
||||
methodName = "getContentType" or
|
||||
methodName = "userAgent" or
|
||||
methodName = "trailer" or
|
||||
methodName = "header"
|
||||
)
|
||||
// `request.getContentType()`, `request.userAgent()`, `request.trailer(...)`, `request.header(...)`
|
||||
kind = "header" and
|
||||
this.asExpr()
|
||||
.(MethodCallExpr)
|
||||
.calls(request, ["getContentType", "userAgent", "trailer", "header"])
|
||||
or
|
||||
// `req.cookies
|
||||
kind = "cookie" and
|
||||
|
||||
@@ -227,15 +227,8 @@ module SocketIO {
|
||||
)
|
||||
or
|
||||
// invocation of a chainable getter method
|
||||
exists(string m |
|
||||
m = "broadcast" or
|
||||
m = "json" or
|
||||
m = "local" or
|
||||
m = "volatile"
|
||||
|
|
||||
result = pred.getAPropertyRead(m) and
|
||||
t = t2.continue()
|
||||
)
|
||||
result = pred.getAPropertyRead(["broadcast", "json", "local", "volatile"]) and
|
||||
t = t2.continue()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -385,12 +385,7 @@ private module JQueryClientRequest {
|
||||
string name;
|
||||
|
||||
JQueryAjaxShortHand() {
|
||||
(
|
||||
name = "get" or
|
||||
name = "getJSON" or
|
||||
name = "getScript" or
|
||||
name = "post"
|
||||
) and
|
||||
name = ["get", "getJSON", "getScript", "post"] and
|
||||
this = jquery().getAMemberCall(name)
|
||||
or
|
||||
name = "load" and
|
||||
|
||||
@@ -12,13 +12,13 @@ import javascript
|
||||
*/
|
||||
private predicate shellCmd(Expr shell, string arg) {
|
||||
exists(string s | s = shell.getStringValue() |
|
||||
(s = "sh" or s = "bash" or s = "/bin/sh" or s = "/bin/bash") and
|
||||
s = ["sh", "bash", "/bin/sh", "/bin/bash"] and
|
||||
arg = "-c"
|
||||
)
|
||||
or
|
||||
exists(string s | s = shell.getStringValue().toLowerCase() |
|
||||
(s = "cmd" or s = "cmd.exe") and
|
||||
(arg = "/c" or arg = "/C")
|
||||
s = ["cmd", "cmd.exe"] and
|
||||
arg = ["/c", "/C"]
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -179,15 +179,7 @@ module PrototypePollution {
|
||||
call = DataFlow::moduleImport(id).getACall() or
|
||||
call = DataFlow::moduleImport(id).getAMemberCall(_)
|
||||
) and
|
||||
(
|
||||
id = "deep"
|
||||
or
|
||||
id = "extend2"
|
||||
or
|
||||
id = "js-extend"
|
||||
or
|
||||
id = "smart-extend"
|
||||
)
|
||||
id = ["deep", "extend2", "js-extend", "smart-extend"]
|
||||
or
|
||||
call.isDeep() and
|
||||
call = AngularJS::angular().getAMemberCall("merge") and
|
||||
|
||||
@@ -1,9 +1,4 @@
|
||||
/**
|
||||
* Some commonly used HTTP verbs.
|
||||
*/
|
||||
string httpVerb() {
|
||||
result = "get" or
|
||||
result = "put" or
|
||||
result = "post" or
|
||||
result = "delete"
|
||||
}
|
||||
string httpVerb() { result = ["get", "put", "post", "delete"] }
|
||||
|
||||
@@ -1,11 +1,6 @@
|
||||
import javascript
|
||||
|
||||
string httpVerb() {
|
||||
result = "get" or
|
||||
result = "put" or
|
||||
result = "post" or
|
||||
result = "delete"
|
||||
}
|
||||
string httpVerb() { result = ["get", "put", "post", "delete"] }
|
||||
|
||||
/** A RAML specification. */
|
||||
class RAMLSpec extends YAMLDocument, YAMLMapping {
|
||||
|
||||
@@ -1,11 +1,6 @@
|
||||
import javascript
|
||||
|
||||
string httpVerb() {
|
||||
result = "get" or
|
||||
result = "put" or
|
||||
result = "post" or
|
||||
result = "delete"
|
||||
}
|
||||
string httpVerb() { result = ["get", "put", "post", "delete"] }
|
||||
|
||||
/** A RAML specification. */
|
||||
class RAMLSpec extends YAMLDocument, YAMLMapping {
|
||||
|
||||
@@ -1,11 +1,6 @@
|
||||
import javascript
|
||||
|
||||
string httpVerb() {
|
||||
result = "get" or
|
||||
result = "put" or
|
||||
result = "post" or
|
||||
result = "delete"
|
||||
}
|
||||
string httpVerb() { result = ["get", "put", "post", "delete"] }
|
||||
|
||||
/** A RAML specification. */
|
||||
class RAMLSpec extends YAMLDocument, YAMLMapping {
|
||||
|
||||
Reference in New Issue
Block a user