hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

add API in PackageExports.qll for getting a value exported under a name

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-09-09 23:18:12 +02:00
parent d3653b3030
commit 61f6580d1e
4 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
javascript/ql/src/semmle/javascript/PackageExports.qll
View File

@@ -40,7 +40,7 @@ DataFlow::Node getAValueExportedBy(PackageJSON packageJSON) {
exists(DataFlow::SourceNode callee |
callee = getAValueExportedBy(packageJSON).(DataFlow::NewNode).getCalleeNode().getALocalSource()
|
result = callee.getAPropertyRead("prototype").getAPropertyWrite()
result = callee.getAPropertyRead("prototype").getAPropertyWrite().getRhs()
or
result = callee.(DataFlow::ClassNode).getAnInstanceMethod()
)
@@ -68,10 +68,22 @@ DataFlow::Node getAValueExportedBy(PackageJSON packageJSON) {
private DataFlow::Node getAnExportFromModule(Module mod) {
result.analyze().getAValue() = mod.(NodeModule).getAModuleExportsValue()
or
exists(ASTNode export | result.getEnclosingExpr() = export | mod.exports(_, export))
result = getAnExportedValue(mod, _)
}
/**
* Gets a value exported from `mod` under `name`.
*/
DataFlow::Node getAnExportedValue(Module mod, string name) {
exists(Property export | result.asExpr() = export.getInit() | mod.exports(name, export))
or
result =
DataFlow::valueNode(any(ASTNode export | mod.exports(name, export)))
.(DataFlow::PropWrite)
.getRhs()
or
exists(ExportDeclaration export |
result = export.getSourceNode(_) and
mod = export.getTopLevel()
result = export.getSourceNode(name) and
mod = export.getEnclosingModule()
)
}

5
javascript/ql/test/library-tests/PackageExports/lib1/baz.js Normal file
View File

@@ -0,0 +1,5 @@
module.exports = {
// not imported from anywhere
foo: function foo() {},
bar: function bar() {}
}

9
javascript/ql/test/library-tests/PackageExports/tests.expected
View File

@@ -34,3 +34,12 @@ getAValueExportedBy
| lib1/sublib/package.json:1:1:3:1 | {\\n " ... b.js"\\n} | lib1/sublib/sublib.js:1:1:1:0 | this |
| lib1/sublib/package.json:1:1:3:1 | {\\n " ... b.js"\\n} | lib1/sublib/sublib.js:1:1:1:73 | module. ... rt() {} |
| lib1/sublib/package.json:1:1:3:1 | {\\n " ... b.js"\\n} | lib1/sublib/sublib.js:1:18:1:73 | functio ... rt() {} |
getAnExportedValue
| absent_main/index.js:1:1:2:0 | <toplevel> | foo | absent_main/index.js:1:22:1:34 | function() {} |
| esmodules/main.js:1:1:4:0 | <toplevel> | exported | esmodules/main.js:1:8:1:29 | functio ... ed() {} |
| lib1/baz.js:1:1:5:1 | <toplevel> | bar | lib1/baz.js:4:10:4:26 | function bar() {} |
| lib1/baz.js:1:1:5:1 | <toplevel> | foo | lib1/baz.js:3:10:3:26 | function foo() {} |
| lib1/foo.js:1:1:3:47 | <toplevel> | foo | lib1/foo.js:3:22:3:47 | functio ... ed() {} |
| lib1/main.js:1:1:17:30 | <toplevel> | Baz | lib1/main.js:17:22:17:30 | new Baz() |
| lib1/main.js:1:1:17:30 | <toplevel> | bar | lib1/main.js:5:22:9:1 | class B ... () {}\\n} |
| lib1/main.js:1:1:17:30 | <toplevel> | foo | lib1/main.js:3:22:3:40 | require("./foo.js") |

4
javascript/ql/test/library-tests/PackageExports/tests.ql
View File

@@ -6,3 +6,7 @@ query PackageJSON getTopmostPackageJSON() { result = Exports::getTopmostPackageJ
query DataFlow::Node getAValueExportedBy(PackageJSON json) {
result = Exports::getAValueExportedBy(json)
}
query DataFlow::Node getAnExportedValue(Module mod, string name) {
result = Exports::getAnExportedValue(mod, name)
}