hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Make type tracking-related parameter and predicate names more consistent.

Browse Source
This commit is contained in:
Max Schaefer
2019-03-26 12:56:36 +00:00
parent c50067b597
commit 3e16d16525
8 changed files with 36 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/semmle/javascript/frameworks/Connect.qll
View File

@@ -125,8 +125,8 @@ module Connect {
t.start() and
result = getARouteHandlerExpr().flow().getALocalSource()
or
exists(DataFlow::TypeBackTracker next |
result = getARouteHandler(next).backtrack(next, t)
exists(DataFlow::TypeBackTracker t2 |
result = getARouteHandler(t2).backtrack(t2, t)
)
}

4
javascript/ql/src/semmle/javascript/frameworks/Electron.qll
View File

@@ -60,8 +60,8 @@ module Electron {
t.start() and
result instanceof NewBrowserObject
or
exists(DataFlow::TypeTracker prev |
result = browserObject(prev).track(prev, t)
exists(DataFlow::TypeTracker t2 |
result = browserObject(t2).track(t2, t)
)
}

4
javascript/ql/src/semmle/javascript/frameworks/Express.qll
View File

@@ -118,8 +118,8 @@ module Express {
t.start() and
result = getARouteHandlerExpr().flow().getALocalSource()
or
exists(DataFlow::TypeBackTracker next |
result = getARouteHandler(next).backtrack(next, t)
exists(DataFlow::TypeBackTracker t2 |
result = getARouteHandler(t2).backtrack(t2, t)
)
}

12
javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
View File

@@ -282,13 +282,13 @@ module HTTP {
*/
abstract RouteHandler getRouteHandler();
predicate flowsTo(DataFlow::Node nd) { flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd) }
predicate flowsTo(DataFlow::Node nd) { ref(DataFlow::TypeTracker::end()).flowsTo(nd) }
private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
t.start() and
result = this
or
exists(DataFlow::TypeTracker prev | result = flowsToSourceNode(prev).track(prev, t))
exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
}
}
@@ -303,13 +303,13 @@ module HTTP {
*/
abstract RouteHandler getRouteHandler();
predicate flowsTo(DataFlow::Node nd) { flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd) }
predicate flowsTo(DataFlow::Node nd) { ref(DataFlow::TypeTracker::end()).flowsTo(nd) }
private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
t.start() and
result = this
or
exists(DataFlow::TypeTracker prev | result = flowsToSourceNode(prev).track(prev, t))
exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
}
}

4
javascript/ql/src/semmle/javascript/frameworks/Hapi.qll
View File

@@ -200,8 +200,8 @@ module Hapi {
t.start() and
result = handler.flow().getALocalSource()
or
exists(DataFlow::TypeBackTracker next |
result = getARouteHandler(next).backtrack(next, t)
exists(DataFlow::TypeBackTracker t2 |
result = getARouteHandler(t2).backtrack(t2, t)
)
}

8
javascript/ql/src/semmle/javascript/frameworks/Koa.qll
View File

@@ -79,15 +79,15 @@ module Koa {
RouteHandler getRouteHandler() { result = rh }
predicate flowsTo(DataFlow::Node nd) {
flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd)
ref(DataFlow::TypeTracker::end()).flowsTo(nd)
}
private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
t.start() and
result = this
or
exists(DataFlow::TypeTracker prev |
result = flowsToSourceNode(prev).track(prev, t)
exists(DataFlow::TypeTracker t2 |
result = ref(t2).track(t2, t)
)
}
}

4
javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
View File

@@ -196,8 +196,8 @@ module NodeJSLib {
t.start() and
result = handler.flow().getALocalSource()
or
exists(DataFlow::TypeBackTracker next |
result = getARouteHandler(next).backtrack(next, t)
exists(DataFlow::TypeBackTracker t2 |
result = getARouteHandler(t2).backtrack(t2, t)
)
}

36
javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
View File

@@ -25,16 +25,15 @@ module SocketIO {
}
/**
* Gets a data flow node that may refer to the socket.io server created at `srv`, with
* type tracking info stored in `t`.
* Gets a data flow node that may refer to the socket.io server created at `srv`.
*/
private DataFlow::SourceNode server(ServerObject srv, DataFlow::TypeTracker t) {
result = newServer() and
srv = MkServer(result) and
t.start()
or
exists(DataFlow::TypeTracker s, DataFlow::SourceNode pred | pred = server(srv, s) |
result = pred.track(s, t)
exists(DataFlow::TypeTracker t2, DataFlow::SourceNode pred | pred = server(srv, t2) |
result = pred.track(t2, t)
or
// invocation of a chainable method
exists(DataFlow::MethodCallNode mcn, string m |
@@ -52,7 +51,7 @@ module SocketIO {
// exclude getter versions
exists(mcn.getAnArgument()) and
result = mcn and
t = s
t = t2
)
)
}
@@ -85,8 +84,7 @@ module SocketIO {
}
/**
* Gets a data flow node that may refer to the socket.io namespace created at `ns`, with
* type tracking info stored in `t`.
* Gets a data flow node that may refer to the socket.io namespace created at `ns`.
*/
private DataFlow::SourceNode namespace(NamespaceObject ns, DataFlow::TypeTracker t) {
t.start() and
@@ -107,12 +105,12 @@ module SocketIO {
ns = srv.getServer().getDefaultNamespace()
)
or
exists(DataFlow::SourceNode pred, DataFlow::TypeTracker s | pred = namespace(ns, s) |
result = pred.track(s, t)
exists(DataFlow::SourceNode pred, DataFlow::TypeTracker t2 | pred = namespace(ns, t2) |
result = pred.track(t2, t)
or
// invocation of a chainable method
result = pred.getAMethodCall(namespaceChainableMethod()) and
t = s
t = t2
or
// invocation of chainable getter method
exists(string m |
@@ -121,7 +119,7 @@ module SocketIO {
m = "volatile"
|
result = pred.getAPropertyRead(m) and
t = s
t = t2
)
)
}
@@ -137,8 +135,7 @@ module SocketIO {
}
/**
* Gets a data flow node that may refer to a socket.io socket belonging to namespace `ns`, with
* type tracking info stored in `t`.
* Gets a data flow node that may refer to a socket.io socket belonging to namespace `ns`.
*/
private DataFlow::SourceNode socket(NamespaceObject ns, DataFlow::TypeTracker t) {
// callback accepting a socket
@@ -155,8 +152,8 @@ module SocketIO {
result = on.getCallback(1).getParameter(0)
)
or
exists(DataFlow::SourceNode pred, DataFlow::TypeTracker s | pred = socket(ns, s) |
result = pred.track(s, t)
exists(DataFlow::SourceNode pred, DataFlow::TypeTracker t2 | pred = socket(ns, t2) |
result = pred.track(t2, t)
or
// invocation of a chainable method
exists(string m |
@@ -174,7 +171,7 @@ module SocketIO {
m = EventEmitter::chainableMethod()
|
result = pred.getAMethodCall(m) and
t = s
t = t2
)
or
// invocation of a chainable getter method
@@ -185,7 +182,7 @@ module SocketIO {
m = "volatile"
|
result = pred.getAPropertyRead(m) and
t = s
t = t2
)
)
}
@@ -395,8 +392,7 @@ module SocketIO {
*/
module SocketIOClient {
/**
* Gets a data flow node that may refer to the socket.io socket created at `invk`, with
* type tracking info stored in `t`.
* Gets a data flow node that may refer to the socket.io socket created at `invk`.
*/
private DataFlow::SourceNode socket(DataFlow::InvokeNode invk, DataFlow::TypeTracker t) {
t.start() and
@@ -410,7 +406,7 @@ module SocketIOClient {
result = invk
)
or
exists(DataFlow::TypeTracker s | result = socket(invk, s).track(s, t))
exists(DataFlow::TypeTracker t2 | result = socket(invk, t2).track(t2, t))
}
/** A data flow node that may produce a socket object. */