hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Use hasUnderlyingStringOrAnyType in Nest model

Browse Source
This commit is contained in:
Asger F
2025-04-11 13:10:32 +02:00
parent 6fdd7feed4
commit 4e44fdaa7b
2 changed files with 7 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
javascript/ql/lib/semmle/javascript/frameworks/Nest.qll
View File

@@ -318,14 +318,6 @@ module NestJS {
}
}
private predicate isStringType(Type type) {
type instanceof StringType
or
type instanceof AnyType
or
isStringType(type.(PromiseType).getElementType().unfold())
}
/**
* A return value from a route handler, seen as an argument to `res.send()`.
*
@@ -344,10 +336,10 @@ module NestJS {
ReturnValueAsResponseSend() {
handler.isReturnValueReflected() and
this = handler.getAReturn() and
// Only returned strings are sinks
not exists(Type type |
type = this.asExpr().getType() and
not isStringType(type.unfold())
// Only returned strings are sinks. If we can find a type for the return value, it must be string-like.
not exists(NameResolution::Node type |
TypeResolution::valueHasType(this.asExpr(), type) and
not TypeResolution::hasUnderlyingStringOrAnyType(type)
)
}