hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Propagate locally returned functions out of calls

Browse Source
This commit is contained in:
Asger Feldthaus
2020-06-12 10:07:37 +01:00
parent 6531db3cca
commit 4c536dde20
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/src/semmle/javascript/dataflow/internal/CallGraphs.qll
View File

@@ -61,6 +61,17 @@ module CallGraph {
function = cls.getConstructor() and function = cls.getConstructor() and
cls.getAClassReference(t.continue()).flowsTo(result) cls.getAClassReference(t.continue()).flowsTo(result)
) )
or
imprecision = 0 and
exists(DataFlow::FunctionNode outer |
result = getAFunctionReference(outer, 0, t.continue()).getAnInvocation() and
locallyReturnedFunction(outer, function)
)
}
cached
private predicate locallyReturnedFunction(DataFlow::FunctionNode outer, DataFlow::FunctionNode inner) {
inner.flowsTo(outer.getAReturn())
} }
/** /**

1
javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.expected
View File

@@ -2,5 +2,4 @@ spuriousCallee
missingCallee missingCallee
| constructor-field.ts:40:5:40:14 | f3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | | constructor-field.ts:40:5:40:14 | f3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 |
| constructor-field.ts:71:1:71:11 | bf3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | | constructor-field.ts:71:1:71:11 | bf3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 |
| returned-function.js:23:1:23:4 | r2() | returned-function.js:8:9:10:9 | functio ... } | -1 |
badAnnotation badAnnotation