hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: handle Reference.transaction()

Browse Source
This commit is contained in:
Asger F
2019-02-05 17:33:14 +00:00
parent f554f859aa
commit 49a746b87a
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/src/semmle/javascript/frameworks/Firebase.qll
View File

@@ -172,6 +172,25 @@ module Firebase {
DataFlow::SourceNode snapshot() {
result = snapshot(_)
}
/**
* Gets a node that is passed as the callback to a `Reference.transaction` call.
*/
DataFlow::SourceNode transactionCallback(DataFlow::TypeTracker t) {
t.start() and
result = ref().getAMethodCall("transaction").getArgument(0).getALocalSource()
or
exists (DataFlow::TypeTracker t2 |
result = transactionCallback(t2).backtrack(t2, t)
)
}
/**
* Gets a node that is passed as the callback to a `Reference.transaction` call.
*/
DataFlow::SourceNode transactionCallback() {
result = transactionCallback(_)
}
class FirebaseVal extends RemoteFlowSource {
FirebaseVal() {
@@ -179,6 +198,8 @@ module Firebase {
name = "val" or
name = "exportVal"
)
or
this = transactionCallback().(DataFlow::FunctionNode).getParameter(0)
}
override string getSourceType() {