JS: Type track sequelize model

2026-05-02 04:05:14 +02:00 · 2020-05-15 16:12:43 +01:00
parent a536069059
commit 3e9849b7c4
4 changed files with 20 additions and 2 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -311,10 +311,22 @@ private module MsSql {
 */
 private module Sequelize {
  /** Gets an import of the `sequelize` module. */
-  DataFlow::ModuleImportNode sequelize() { result.getPath() = "sequelize" }
+  DataFlow::SourceNode sequelize() { result = DataFlow::moduleImport("sequelize") }

  /** Gets an expression that creates an instance of the `Sequelize` class. */
-  DataFlow::SourceNode newSequelize() { result = sequelize().getAnInstantiation() }
+  private DataFlow::SourceNode newSequelize(DataFlow::TypeTracker t) {
+    t.start() and
+    result = sequelize().getAnInstantiation()
+    or
+    exists(DataFlow::TypeTracker t2 |
+      result = newSequelize(t2).track(t2, t)
+    )
+  }
+
+  /** Gets an expression that creates an instance of the `Sequelize` class. */
+  DataFlow::SourceNode newSequelize() {
+    result = newSequelize(DataFlow::TypeTracker::end())
+  }

  /** A call to `Sequelize.query`. */
  private class QueryCall extends DatabaseAccess, DataFlow::ValueNode {
--- a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -15,6 +15,7 @@
 | postgres5.js:8:21:8:25 | query |
 | sequelize2.js:10:17:10:118 | 'SELECT ... Y name' |
 | sequelize.js:8:17:8:118 | 'SELECT ... Y name' |
+| sequelizeImport.js:3:17:3:118 | 'SELECT ... Y name' |
 | spanner2.js:5:26:5:35 | "SQL code" |
 | spanner2.js:7:35:7:44 | "SQL code" |
 | spanner.js:6:8:6:17 | "SQL code" |
--- a/javascript/ql/test/library-tests/frameworks/SQL/sequelize.js
+++ b/javascript/ql/test/library-tests/frameworks/SQL/sequelize.js
@@ -7,3 +7,5 @@ const sequelize = new Sequelize('database', 'username', 'password', {
 });
 sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') AND deletedAt IS NULL) ORDER BY name');

+
+exports.sequelize = sequelize;
--- a/javascript/ql/test/library-tests/frameworks/SQL/sequelizeImport.js
+++ b/javascript/ql/test/library-tests/frameworks/SQL/sequelizeImport.js
@@ -0,0 +1,3 @@
+const { sequelize } = require("./sequelize");
+
+sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') AND deletedAt IS NULL) ORDER BY name');