JS: Autoformat

2026-04-30 11:15:13 +02:00 · 2020-12-03 14:46:03 +00:00
parent 1b0bec9143
commit 355cfaaf42
3 changed files with 14 additions and 8 deletions
--- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
@@ -15,5 +15,6 @@ import DataFlow::PathGraph

 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Potential type confusion as $@ may be either an array or a string.", source.getNode(),
+select sink.getNode(), source, sink,
+  "Potential type confusion as $@ may be either an array or a string.", source.getNode(),
  "this HTTP request parameter"
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -1192,8 +1192,8 @@ private predicate loadStep(
 */
 pragma[nomagic]
 private predicate reachableFromStoreBase(
-  string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd, DataFlow::Configuration cfg,
-  PathSummary summary
+  string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd,
+  DataFlow::Configuration cfg, PathSummary summary
 ) {
  exists(PathSummary s1, PathSummary s2, DataFlow::Node rhs |
    reachableFromSource(rhs, cfg, s1)
@@ -1204,7 +1204,8 @@ private predicate reachableFromStoreBase(
    endProp = startProp and
    base = nd and
    summary =
-      MkPathSummary(false, s1.hasCall().booleanOr(s2.hasCall()), DataFlow::FlowLabel::data(), DataFlow::FlowLabel::data())
+      MkPathSummary(false, s1.hasCall().booleanOr(s2.hasCall()), DataFlow::FlowLabel::data(),
+        DataFlow::FlowLabel::data())
  )
  or
  exists(PathSummary newSummary, PathSummary oldSummary |
@@ -1221,8 +1222,8 @@ private predicate reachableFromStoreBase(
 */
 pragma[noinline]
 private predicate reachableFromStoreBaseStep(
-  string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd, DataFlow::Configuration cfg,
-  PathSummary oldSummary, PathSummary newSummary
+  string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd,
+  DataFlow::Configuration cfg, PathSummary oldSummary, PathSummary newSummary
 ) {
  exists(DataFlow::Node mid |
    reachableFromStoreBase(startProp, endProp, base, mid, cfg, oldSummary) and
@@ -1264,7 +1265,10 @@ private predicate storeToLoad(
  DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary oldSummary,
  PathSummary newSummary
 ) {
-  exists(string storeProp, string loadProp, DataFlow::Node storeBase, DataFlow::Node loadBase, PathSummary s1, PathSummary s2 |
+  exists(
+    string storeProp, string loadProp, DataFlow::Node storeBase, DataFlow::Node loadBase,
+    PathSummary s1, PathSummary s2
+  |
    storeStep(pred, storeBase, storeProp, cfg, s1) and
    reachableFromStoreBase(storeProp, loadProp, storeBase, loadBase, cfg, s2) and
    oldSummary = s1.appendValuePreserving(s2) and
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll
@@ -100,7 +100,8 @@ module TypeConfusionThroughParameterTampering {
  private class ProtoStringComparison extends Sink {
    ProtoStringComparison() {
      exists(EqualityTest test |
-        test.hasOperands(this.asExpr(), any(Expr e | e.getStringValue() = ["__proto__", "constructor"])) and
+        test.hasOperands(this.asExpr(),
+          any(Expr e | e.getStringValue() = ["__proto__", "constructor"])) and
        test.isStrict()
      )
    }