hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge SummarizedCallable into single class

Browse Source
This commit is contained in:
Vasco-jofra
2025-06-26 10:10:52 +02:00
parent 8c4dbca23c
commit 575da5c31c
1 changed files with 24 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll
View File

@@ -14,13 +14,24 @@ module AsyncPackage {
result = DataFlow::moduleMember("async-es", name) result = DataFlow::moduleMember("async-es", name)
} }
/**
* Gets a reference to the given member or one of its `Limit` or `Series` variants.
*
* For example, `memberVariant("map")` finds references to `map`, `mapLimit`, and `mapSeries`.
*/
DataFlow::SourceNode memberVariant(string name) {
result = member(name) or
result = member(name + "Limit") or
result = member(name + "Series")
}
/** /**
* Gets `Limit` or `Series` name variants for a given member name. * Gets `Limit` or `Series` name variants for a given member name.
* *
* For example, `memberNameVariant("map")` returns `map`, `mapLimit`, and `mapSeries`. * For example, `memberNameVariant("map")` returns `map`, `mapLimit`, and `mapSeries`.
*/ */
bindingset[name] bindingset[name]
string memberNameVariant(string name) { private string memberNameVariant(string name) {
result = name or result = name or
result = name + "Limit" or result = name + "Limit" or
result = name + "Series" result = name + "Series"
@@ -161,63 +172,23 @@ module AsyncPackage {
DataFlow::FunctionNode getFinalCallback() { result = this.getCallback(finalCallbackIndex) } DataFlow::FunctionNode getFinalCallback() { result = this.getCallback(finalCallbackIndex) }
} }
/** private class IterationCallFlowSummary extends DataFlow::SummarizedCallable {
* An IterationCall with its iterator callback at index 1 private int callbackArgIndex;
*/
private class IterationCallCallbacksFirstArg extends IterationCall { IterationCallFlowSummary() {
IterationCallCallbacksFirstArg() { this.getIteratorCallbackIndex() = 1 } this = "async.IteratorCall(callbackArgIndex=" + callbackArgIndex + ")" and
callbackArgIndex in [1 .. 3]
} }
/** override DataFlow::InvokeNode getACallSimple() {
* An IterationCall with its iterator callback at index 2 result instanceof IterationCall and
*/ result.(IterationCall).getIteratorCallbackIndex() = callbackArgIndex
private class IterationCallCallbacksSecondArg extends IterationCall {
IterationCallCallbacksSecondArg() { this.getIteratorCallbackIndex() = 2 }
} }
/** override predicate propagatesFlow(string input, string output, boolean preservesValue) {
* The model with the iteratorCallbackIndex abstracted
*/
bindingset[iteratorCallbackIndex]
private predicate iterationCallPropagatesFlow(
string input, string output, boolean preservesValue, int iteratorCallbackIndex
) {
preservesValue = true and preservesValue = true and
input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement", "AnyMember"] and input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement", "AnyMember"] and
output = "Argument[" + iteratorCallbackIndex + "].Parameter[0]" output = "Argument[" + callbackArgIndex + "].Parameter[0]"
}
/**
* A taint step from the collection into the iterator callback (at index 1) of an iteration call.
*
* For example: `data -> item` in `async.each(data, (item, cb) => {})`.
*/
class IterationCallCallbacksFirstArgFlowSummary extends DataFlow::SummarizedCallable {
IterationCallCallbacksFirstArgFlowSummary() { this = "async.[IterationCallCallbacksFirstArg]" }
override DataFlow::InvokeNode getACallSimple() {
result instanceof IterationCallCallbacksFirstArg
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
iterationCallPropagatesFlow(input, output, preservesValue, 1)
}
}
/**
* A taint step from the collection into the iterator callback (at index 2) of an iteration call.
*
* For example: `data -> item` in `async.eachLimit(data, 1, (item, cb) => {})`.
*/
class IterationCallCallbacksSecondArgFlowSummary extends DataFlow::SummarizedCallable {
IterationCallCallbacksSecondArgFlowSummary() { this = "async.[IterationCallCallbackSecondArg]" }
override DataFlow::InvokeNode getACallSimple() {
result instanceof IterationCallCallbacksSecondArg
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
iterationCallPropagatesFlow(input, output, preservesValue, 2)
} }
} }
@@ -248,7 +219,7 @@ module AsyncPackage {
* *
* For example: `data -> result` in `async.sortBy(data, orderingFn, (err, result) => {})`. * For example: `data -> result` in `async.sortBy(data, orderingFn, (err, result) => {})`.
*/ */
class IterationPreserveTaintStepFlowSummary extends DataFlow::SummarizedCallable { private class IterationPreserveTaintStepFlowSummary extends DataFlow::SummarizedCallable {
IterationPreserveTaintStepFlowSummary() { this = "async.sortBy" } IterationPreserveTaintStepFlowSummary() { this = "async.sortBy" }
override DataFlow::InvokeNode getACallSimple() { override DataFlow::InvokeNode getACallSimple() {