JS: Rename Node.{getASource -> asSource, getASink -> asSink}
@@ -28,11 +28,11 @@ module API {
|
||||
* The most basic use of API graphs is typically as follows:
|
||||
* 1. Start with `API::moduleImport` for the relevant library.
|
||||
* 2. Follow up with a chain of accessors such as `getMember` describing how to get to the relevant API function.
|
||||
* 3. Map the resulting API graph nodes to data-flow nodes, using `getASource` or `getASink`.
|
||||
* 3. Map the resulting API graph nodes to data-flow nodes, using `asSource` or `asSink`.
|
||||
*
|
||||
* For example, a simplified way to get arguments to `underscore.extend` would be
|
||||
* ```ql
|
||||
* API::moduleImport("underscore").getMember("extend").getParameter(0).getASink()
|
||||
* API::moduleImport("underscore").getMember("extend").getParameter(0).asSink()
|
||||
* ```
|
||||
*
|
||||
* The most commonly used accessors are `getMember`, `getParameter`, and `getReturn`.
|
||||
@@ -121,12 +121,12 @@ module API {
|
||||
/**
|
||||
* Get a data-flow node where this value may flow after entering the current codebase.
|
||||
*
|
||||
* This is similar to `getASource()` but additionally includes nodes that are transitively reachable by data flow.
|
||||
* See `getASource()` for examples.
|
||||
* This is similar to `asSource()` but additionally includes nodes that are transitively reachable by data flow.
|
||||
* See `asSource()` for examples.
|
||||
*/
|
||||
pragma[inline]
|
||||
DataFlow::Node getAValueReachableFromSource() {
|
||||
Impl::trackUseNode(this.getASource()).flowsTo(result)
|
||||
Impl::trackUseNode(this.asSource()).flowsTo(result)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -134,27 +134,27 @@ module API {
|
||||
*
|
||||
* For example:
|
||||
* ```js
|
||||
* // API::moduleImport("fs").getASource()
|
||||
* // API::moduleImport("fs").asSource()
|
||||
* require('fs');
|
||||
*
|
||||
* // API::moduleImport("fs").getMember("readFile").getASource()
|
||||
* // API::moduleImport("fs").getMember("readFile").asSource()
|
||||
* require('fs').readFile;
|
||||
*
|
||||
* // API::moduleImport("fs").getMember("readFile").getReturn().getASource()
|
||||
* // API::moduleImport("fs").getMember("readFile").getReturn().asSource()
|
||||
* require('fs').readFile();
|
||||
*
|
||||
* require('fs').readFile(
|
||||
* filename,
|
||||
* // 'y' matched by API::moduleImport("fs").getMember("readFile").getParameter(1).getParameter(0).getASource()
|
||||
* // 'y' matched by API::moduleImport("fs").getMember("readFile").getParameter(1).getParameter(0).asSource()
|
||||
* y => {
|
||||
* ...
|
||||
* });
|
||||
* ```
|
||||
*/
|
||||
DataFlow::SourceNode getASource() { Impl::use(this, result) }
|
||||
DataFlow::SourceNode asSource() { Impl::use(this, result) }
|
||||
|
||||
/** DEPRECATED. This predicate has been renamed to `getASource`. */
|
||||
deprecated DataFlow::SourceNode getAnImmediateUse() { result = this.getASource() }
|
||||
/** DEPRECATED. This predicate has been renamed to `asSource`. */
|
||||
deprecated DataFlow::SourceNode getAnImmediateUse() { result = this.asSource() }
|
||||
|
||||
/** DEPRECATED. This predicate has been renamed to `getAValueReachableFromSource`. */
|
||||
deprecated DataFlow::Node getAUse() { result = this.getAValueReachableFromSource() }
|
||||
@@ -162,7 +162,7 @@ module API {
|
||||
/**
|
||||
* Gets a call to the function represented by this API component.
|
||||
*/
|
||||
CallNode getACall() { result = this.getReturn().getASource() }
|
||||
CallNode getACall() { result = this.getReturn().asSource() }
|
||||
|
||||
/**
|
||||
* Gets a call to the function represented by this API component,
|
||||
@@ -177,7 +177,7 @@ module API {
|
||||
/**
|
||||
* Gets a `new` call to the function represented by this API component.
|
||||
*/
|
||||
NewNode getAnInstantiation() { result = this.getInstance().getASource() }
|
||||
NewNode getAnInstantiation() { result = this.getInstance().asSource() }
|
||||
|
||||
/**
|
||||
* Gets an invocation (with our without `new`) to the function represented by this API component.
|
||||
@@ -193,27 +193,27 @@ module API {
|
||||
*
|
||||
* For example:
|
||||
* ```js
|
||||
* // 'x' is matched by API::moduleImport("foo").getParameter(0).getASink()
|
||||
* // 'x' is matched by API::moduleImport("foo").getParameter(0).asSink()
|
||||
* require('foo')(x);
|
||||
*
|
||||
* // 'x' is matched by API::moduleImport("foo").getParameter(0).getMember("prop").getASink()
|
||||
* // 'x' is matched by API::moduleImport("foo").getParameter(0).getMember("prop").asSink()
|
||||
* require('foo')({
|
||||
* prop: x
|
||||
* });
|
||||
* ```
|
||||
*/
|
||||
DataFlow::Node getASink() { Impl::rhs(this, result) }
|
||||
DataFlow::Node asSink() { Impl::rhs(this, result) }
|
||||
|
||||
/**
|
||||
* Get a data-flow node that transitively flows to an external library (or in general, any external codebase).
|
||||
*
|
||||
* This is similar to `getASink()` but additionally includes nodes that transitively reach a sink by data flow.
|
||||
* See `getASink()` for examples.
|
||||
* This is similar to `asSink()` but additionally includes nodes that transitively reach a sink by data flow.
|
||||
* See `asSink()` for examples.
|
||||
*/
|
||||
DataFlow::Node getAValueReachingSink() { result = Impl::trackDefNode(this.getASink()) }
|
||||
DataFlow::Node getAValueReachingSink() { result = Impl::trackDefNode(this.asSink()) }
|
||||
|
||||
/** DEPRECATED. This predicate has been renamed to `getASink`. */
|
||||
deprecated DataFlow::Node getARhs() { result = this.getASink() }
|
||||
/** DEPRECATED. This predicate has been renamed to `asSink`. */
|
||||
deprecated DataFlow::Node getARhs() { result = this.asSink() }
|
||||
|
||||
/** DEPRECATED. This predicate has been renamed to `getAValueReachingSink`. */
|
||||
deprecated DataFlow::Node getAValueReachingRhs() { result = this.getAValueReachingSink() }
|
||||
@@ -451,7 +451,7 @@ module API {
|
||||
* In other words, the value of a use of `that` may flow into the right-hand side of a
|
||||
* definition of this node.
|
||||
*/
|
||||
predicate refersTo(Node that) { this.getASink() = that.getAValueReachableFromSource() }
|
||||
predicate refersTo(Node that) { this.asSink() = that.getAValueReachableFromSource() }
|
||||
|
||||
/**
|
||||
* Gets the data-flow node that gives rise to this node, if any.
|
||||
@@ -1301,8 +1301,8 @@ module API {
|
||||
API::Node callee;
|
||||
|
||||
InvokeNode() {
|
||||
this = callee.getReturn().getASource() or
|
||||
this = callee.getInstance().getASource() or
|
||||
this = callee.getReturn().asSource() or
|
||||
this = callee.getInstance().asSource() or
|
||||
this = Impl::getAPromisifiedInvocation(callee, _, _)
|
||||
}
|
||||
|
||||
@@ -1317,7 +1317,7 @@ module API {
|
||||
* Gets an API node where a RHS of the node is the `i`th argument to this call.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private Node getAParameterCandidate(int i) { result.getASink() = this.getArgument(i) }
|
||||
private Node getAParameterCandidate(int i) { result.asSink() = this.getArgument(i) }
|
||||
|
||||
/** Gets the API node for a parameter of this invocation. */
|
||||
Node getAParameter() { result = this.getParameter(_) }
|
||||
@@ -1328,13 +1328,13 @@ module API {
|
||||
/** Gets the API node for the return value of this call. */
|
||||
Node getReturn() {
|
||||
result = callee.getReturn() and
|
||||
result.getASource() = this
|
||||
result.asSource() = this
|
||||
}
|
||||
|
||||
/** Gets the API node for the object constructed by this invocation. */
|
||||
Node getInstance() {
|
||||
result = callee.getInstance() and
|
||||
result.getASource() = this
|
||||
result.asSource() = this
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
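Review bot: The rename of `getASource()` to `asSource()` and `getASink()` to `asSink()` on `API::Node` leaves no forwarder under the old names, although the adjacent `getAnImmediateUse` and `getARhs` show that this class keeps renamed predicates as `deprecated` aliases. If the old names ever reached out-of-tree queries (not determinable from this page), those queries stop compiling on upgrade, and a security query dropped from a scan for that reason is an easy coverage gap to miss. Consider adding `deprecated DataFlow::SourceNode getASource() { result = this.asSource() }` and `deprecated DataFlow::Node getASink() { result = this.asSink() }` next to the existing aliases. Separately, the doc comments on `refersTo` and `getAParameterCandidate` still speak of the "right-hand side" / "RHS" of a node; rewording them in terms of sinks would match the new names. The class body starts and ends outside the visible hunks.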
@@ -29,7 +29,7 @@ private class PlainJsonParserCall extends JsonParserCall {
|
||||
callee =
|
||||
DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
|
||||
"parse") or
|
||||
callee = API::moduleImport("replicator").getInstance().getMember("decode").getASource() or
|
||||
callee = API::moduleImport("replicator").getInstance().getMember("decode").asSource() or
|
||||
callee = DataFlow::moduleImport("parse-json") or
|
||||
callee = DataFlow::moduleImport("json-parse-better-errors") or
|
||||
callee = DataFlow::moduleImport("json-safe-parse") or
|
||||
|
||||
@@ -134,7 +134,7 @@ module JsonSchema {
|
||||
.ref()
|
||||
.getMember(["addSchema", "validate", "compile", "compileAsync"])
|
||||
.getParameter(0)
|
||||
.getASink()
|
||||
.asSink()
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -184,7 +184,7 @@ module JsonSchema {
|
||||
override boolean getPolarity() { none() }
|
||||
|
||||
override DataFlow::Node getAValidationResultAccess(boolean polarity) {
|
||||
result = this.getReturn().getMember("error").getASource() and
|
||||
result = this.getReturn().getMember("error").asSource() and
|
||||
polarity = false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
|
||||
callee =
|
||||
DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
|
||||
"stringify") or
|
||||
callee = API::moduleImport("replicator").getInstance().getMember("encode").getASource() or
|
||||
callee = API::moduleImport("replicator").getInstance().getMember("encode").asSource() or
|
||||
callee =
|
||||
DataFlow::moduleImport([
|
||||
"json-stringify-safe", "json-stable-stringify", "stringify-object",
|
||||
|
||||
@@ -198,7 +198,7 @@ module Babel {
|
||||
.getMember(["transform", "transformSync", "transformAsync"])
|
||||
.getACall() and
|
||||
pred = call.getArgument(0) and
|
||||
succ = [call, call.getParameter(2).getParameter(0).getASource()]
|
||||
succ = [call, call.getParameter(2).getParameter(0).asSource()]
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -265,7 +265,7 @@ module ClientRequest {
|
||||
or
|
||||
responseType = this.getResponseType() and
|
||||
promise = false and
|
||||
result = this.getReturn().getPromisedError().getMember("response").getASource()
|
||||
result = this.getReturn().getPromisedError().getMember("response").asSource()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -463,7 +463,7 @@ module ClientRequest {
|
||||
*/
|
||||
private API::Node netSocketInstantiation(DataFlow::NewNode socket) {
|
||||
result = API::moduleImport("net").getMember("Socket").getInstance() and
|
||||
socket = result.getASource()
|
||||
socket = result.asSource()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -827,7 +827,7 @@ module ClientRequest {
|
||||
class ApolloClientRequest extends ClientRequest::Range, API::InvokeNode {
|
||||
ApolloClientRequest() { this = apolloUriCallee().getAnInvocation() }
|
||||
|
||||
override DataFlow::Node getUrl() { result = this.getParameter(0).getMember("uri").getASink() }
|
||||
override DataFlow::Node getUrl() { result = this.getParameter(0).getMember("uri").asSink() }
|
||||
|
||||
override DataFlow::Node getHost() { none() }
|
||||
|
||||
@@ -848,10 +848,10 @@ module ClientRequest {
|
||||
|
||||
override DataFlow::Node getUrl() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getHost() { result = this.getParameter(0).getMember("host").getASink() }
|
||||
override DataFlow::Node getHost() { result = this.getParameter(0).getMember("host").asSink() }
|
||||
|
||||
override DataFlow::Node getADataNode() {
|
||||
result = form.getMember("append").getACall().getParameter(1).getASink()
|
||||
result = form.getMember("append").getACall().getParameter(1).asSink()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ private class CredentialsFromModel extends CredentialsExpr {
|
||||
string kind;
|
||||
|
||||
CredentialsFromModel() {
|
||||
this = ModelOutput::getASinkNode("credentials[" + kind + "]").getASink().asExpr()
|
||||
this = ModelOutput::getASinkNode("credentials[" + kind + "]").asSink().asExpr()
|
||||
}
|
||||
|
||||
override string getCredentialsKind() { result = kind }
|
||||
|
||||
@@ -69,18 +69,18 @@ module D3 {
|
||||
D3XssSink() {
|
||||
exists(API::Node htmlArg |
|
||||
htmlArg = d3Selection().getMember("html").getParameter(0) and
|
||||
this = [htmlArg, htmlArg.getReturn()].getASink()
|
||||
this = [htmlArg, htmlArg.getReturn()].asSink()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
private class D3DomValueSource extends DOM::DomValueSource::Range {
|
||||
D3DomValueSource() {
|
||||
this = d3Selection().getMember("each").getReceiver().getASource()
|
||||
this = d3Selection().getMember("each").getReceiver().asSource()
|
||||
or
|
||||
this = d3Selection().getMember("node").getReturn().getASource()
|
||||
this = d3Selection().getMember("node").getReturn().asSource()
|
||||
or
|
||||
this = d3Selection().getMember("nodes").getReturn().getUnknownMember().getASource()
|
||||
this = d3Selection().getMember("nodes").getReturn().getUnknownMember().asSource()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@ module Electron {
|
||||
}
|
||||
}
|
||||
|
||||
private API::Node browserObject() { result.getASource() instanceof NewBrowserObject }
|
||||
private API::Node browserObject() { result.asSource() instanceof NewBrowserObject }
|
||||
|
||||
/**
|
||||
* A data flow node whose value may originate from a browser object instantiation.
|
||||
|
||||
@@ -89,7 +89,7 @@ private API::Node globbyFileNameSource() {
|
||||
* A file name or an array of file names from the `globby` library.
|
||||
*/
|
||||
private class GlobbyFileNameSource extends FileNameSource {
|
||||
GlobbyFileNameSource() { this = globbyFileNameSource().getASource() }
|
||||
GlobbyFileNameSource() { this = globbyFileNameSource().asSource() }
|
||||
}
|
||||
|
||||
/** Gets a file name or an array of file names from the `fast-glob` library. */
|
||||
@@ -116,7 +116,7 @@ private API::Node fastGlobFileName() {
|
||||
* A file name or an array of file names from the `fast-glob` library.
|
||||
*/
|
||||
private class FastGlobFileNameSource extends FileNameSource {
|
||||
FastGlobFileNameSource() { this = fastGlobFileName().getASource() }
|
||||
FastGlobFileNameSource() { this = fastGlobFileName().asSource() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -200,7 +200,7 @@ private class RecursiveReadDir extends FileSystemAccess, FileNameProducer, API::
|
||||
|
||||
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getAFileName() { result = this.trackFileSource().getASource() }
|
||||
override DataFlow::Node getAFileName() { result = this.trackFileSource().asSource() }
|
||||
|
||||
private API::Node trackFileSource() {
|
||||
result = this.getParameter([1 .. 2]).getParameter(1)
|
||||
@@ -223,7 +223,7 @@ private module JsonFile {
|
||||
|
||||
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getADataNode() { result = this.trackRead().getASource() }
|
||||
override DataFlow::Node getADataNode() { result = this.trackRead().asSource() }
|
||||
|
||||
private API::Node trackRead() {
|
||||
this.getCalleeName() = "readFile" and
|
||||
@@ -272,7 +272,7 @@ private class LoadJsonFile extends FileSystemReadAccess, API::CallNode {
|
||||
|
||||
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getADataNode() { result = this.trackRead().getASource() }
|
||||
override DataFlow::Node getADataNode() { result = this.trackRead().asSource() }
|
||||
|
||||
private API::Node trackRead() {
|
||||
this.getCalleeName() = "sync" and result = this.getReturn()
|
||||
@@ -310,7 +310,7 @@ private class WalkDir extends FileNameProducer, FileSystemAccess, API::CallNode
|
||||
|
||||
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getAFileName() { result = this.trackFileSource().getASource() }
|
||||
override DataFlow::Node getAFileName() { result = this.trackFileSource().asSource() }
|
||||
|
||||
private API::Node trackFileSource() {
|
||||
not this.getCalleeName() = ["sync", "async"] and
|
||||
|
||||
@@ -15,7 +15,7 @@ private class BusBoyRemoteFlow extends RemoteFlowSource {
|
||||
.getMember("on")
|
||||
.getParameter(1)
|
||||
.getAParameter()
|
||||
.getASource()
|
||||
.asSource()
|
||||
}
|
||||
|
||||
override string getSourceType() { result = "parsed user value from Busbuy" }
|
||||
@@ -49,12 +49,12 @@ private class MultipartyRemoteFlow extends RemoteFlowSource {
|
||||
MultipartyRemoteFlow() {
|
||||
exists(API::Node form | form = API::moduleImport("multiparty").getMember("Form").getInstance() |
|
||||
exists(API::CallNode parse | parse = form.getMember("parse").getACall() |
|
||||
this = parse.getParameter(1).getAParameter().getASource()
|
||||
this = parse.getParameter(1).getAParameter().asSource()
|
||||
)
|
||||
or
|
||||
exists(API::CallNode on | on = form.getMember("on").getACall() |
|
||||
on.getArgument(0).mayHaveStringValue(["part", "file", "field"]) and
|
||||
this = on.getParameter(1).getAParameter().getASource()
|
||||
this = on.getParameter(1).getAParameter().asSource()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -38,11 +38,11 @@ module History {
|
||||
|
||||
HistoryLibaryRemoteFlow() {
|
||||
exists(API::Node loc | loc = [getBrowserHistory(), getHashHistory()].getMember("location") |
|
||||
this = loc.getMember("hash").getASource() and kind.isFragment()
|
||||
this = loc.getMember("hash").asSource() and kind.isFragment()
|
||||
or
|
||||
this = loc.getMember("pathname").getASource() and kind.isPath()
|
||||
this = loc.getMember("pathname").asSource() and kind.isPath()
|
||||
or
|
||||
this = loc.getMember("search").getASource() and kind.isQuery()
|
||||
this = loc.getMember("search").asSource() and kind.isQuery()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -19,10 +19,10 @@ private module HttpProxy {
|
||||
.getACall()
|
||||
}
|
||||
|
||||
override DataFlow::Node getUrl() { result = getParameter(0).getMember("target").getASink() }
|
||||
override DataFlow::Node getUrl() { result = getParameter(0).getMember("target").asSink() }
|
||||
|
||||
override DataFlow::Node getHost() {
|
||||
result = getParameter(0).getMember("target").getMember("host").getASink()
|
||||
result = getParameter(0).getMember("target").getMember("host").asSink()
|
||||
}
|
||||
|
||||
override DataFlow::Node getADataNode() { none() }
|
||||
@@ -49,10 +49,10 @@ private module HttpProxy {
|
||||
)
|
||||
}
|
||||
|
||||
override DataFlow::Node getUrl() { result = getOptionsObject().getMember("target").getASink() }
|
||||
override DataFlow::Node getUrl() { result = getOptionsObject().getMember("target").asSink() }
|
||||
|
||||
override DataFlow::Node getHost() {
|
||||
result = getOptionsObject().getMember("target").getMember("host").getASink()
|
||||
result = getOptionsObject().getMember("target").getMember("host").asSink()
|
||||
}
|
||||
|
||||
override DataFlow::Node getADataNode() { none() }
|
||||
@@ -78,8 +78,8 @@ private module HttpProxy {
|
||||
ProxyListenerCallback() {
|
||||
exists(API::CallNode call |
|
||||
call = any(CreateServerCall server).getReturn().getMember(["on", "once"]).getACall() and
|
||||
call.getParameter(0).getASink().mayHaveStringValue(event) and
|
||||
this = call.getParameter(1).getASink().getAFunctionValue()
|
||||
call.getParameter(0).asSink().mayHaveStringValue(event) and
|
||||
this = call.getParameter(1).asSink().getAFunctionValue()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -61,10 +61,10 @@ module LdapJS {
|
||||
|
||||
SearchFilter() {
|
||||
options = ldapClient().getMember("search").getACall().getParameter(1) and
|
||||
this = options.getASink()
|
||||
this = options.asSink()
|
||||
}
|
||||
|
||||
override DataFlow::Node getInput() { result = options.getMember("filter").getASink() }
|
||||
override DataFlow::Node getInput() { result = options.getMember("filter").asSink() }
|
||||
|
||||
override DataFlow::Node getOutput() { result = this }
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ private module LiveServer {
|
||||
class ServerDefinition extends HTTP::Servers::StandardServerDefinition {
|
||||
ServerDefinition() { this = DataFlow::moduleImport("live-server").asExpr() }
|
||||
|
||||
API::Node getImportNode() { result.getASource().asExpr() = this }
|
||||
API::Node getImportNode() { result.asSource().asExpr() = this }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -350,7 +350,7 @@ private module Pino {
|
||||
// `pino` is installed as the "log" property on the request object in `Express` and similar libraries.
|
||||
// in `Hapi` the property is "logger".
|
||||
exists(HTTP::RequestExpr req, API::Node reqNode |
|
||||
reqNode.getASource() = req.flow().getALocalSource() and
|
||||
reqNode.asSource() = req.flow().getALocalSource() and
|
||||
result = reqNode.getMember(["log", "logger"])
|
||||
)
|
||||
}
|
||||
|
||||
@@ -163,7 +163,7 @@ module Markdown {
|
||||
or
|
||||
call = API::moduleImport("markdown-it").getMember("Markdown").getAnInvocation()
|
||||
|
|
||||
call.getParameter(0).getMember("html").getASink().mayHaveBooleanValue(true) and
|
||||
call.getParameter(0).getMember("html").asSink().mayHaveBooleanValue(true) and
|
||||
result = call.getReturn()
|
||||
)
|
||||
or
|
||||
|
||||
@@ -191,7 +191,7 @@ module NestJS {
|
||||
.getAMember()
|
||||
.getMember("useFactory")
|
||||
.getReturn()
|
||||
.getASink() = validationPipe().getInstance().getAValueReachableFromSource() and
|
||||
.asSink() = validationPipe().getInstance().getAValueReachableFromSource() and
|
||||
folder = decorator.getFile().getParentContainer()
|
||||
)
|
||||
or
|
||||
@@ -397,7 +397,7 @@ module NestJS {
|
||||
}
|
||||
|
||||
/** Gets a value returned by the decorator's callback, which becomes the value of the decorated parameter. */
|
||||
DataFlow::Node getResult() { result = getParameter(0).getReturn().getASink() }
|
||||
DataFlow::Node getResult() { result = getParameter(0).getReturn().asSink() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -425,7 +425,7 @@ module NestJS {
|
||||
private class ExpressRequestSource extends Express::RequestSource {
|
||||
ExpressRequestSource() {
|
||||
this.(DataFlow::ParameterNode).getADecorator() =
|
||||
nestjs().getMember(["Req", "Request"]).getReturn().getASource()
|
||||
nestjs().getMember(["Req", "Request"]).getReturn().asSource()
|
||||
or
|
||||
this =
|
||||
executionContext()
|
||||
@@ -433,7 +433,7 @@ module NestJS {
|
||||
.getReturn()
|
||||
.getMember("getRequest")
|
||||
.getReturn()
|
||||
.getASource()
|
||||
.asSource()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -450,7 +450,7 @@ module NestJS {
|
||||
private class ExpressResponseSource extends Express::ResponseSource {
|
||||
ExpressResponseSource() {
|
||||
this.(DataFlow::ParameterNode).getADecorator() =
|
||||
nestjs().getMember(["Res", "Response"]).getReturn().getASource()
|
||||
nestjs().getMember(["Res", "Response"]).getReturn().asSource()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -252,6 +252,6 @@ module NextJS {
|
||||
.getParameter(0)
|
||||
.getParameter(0)
|
||||
.getMember("router")
|
||||
.getASource()
|
||||
.asSource()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ deprecated module NoSQL = NoSql;
|
||||
* Gets a value that has been assigned to the "$where" property of an object that flows to `queryArg`.
|
||||
*/
|
||||
private DataFlow::Node getADollarWhereProperty(API::Node queryArg) {
|
||||
result = queryArg.getMember("$where").getASink()
|
||||
result = queryArg.getMember("$where").asSink()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -418,7 +418,7 @@ private module Mongoose {
|
||||
param = f.getParameter(0).getParameter(1)
|
||||
|
|
||||
exists(DataFlow::MethodCallNode pred |
|
||||
// limitation: look at the previous method call
|
||||
// limitation: look at the previous method call
|
||||
Query::MethodSignatures::returnsDocumentQuery(pred.getMethodName(), asArray) and
|
||||
pred.getAMethodCall() = f.getACall()
|
||||
)
|
||||
@@ -501,7 +501,7 @@ private module Mongoose {
|
||||
|
||||
Credentials() {
|
||||
exists(string prop |
|
||||
this = createConnection().getParameter(3).getMember(prop).getASink().asExpr()
|
||||
this = createConnection().getParameter(3).getMember(prop).asSink().asExpr()
|
||||
|
|
||||
prop = "user" and kind = "user name"
|
||||
or
|
||||
@@ -518,7 +518,7 @@ private module Mongoose {
|
||||
class MongoDBQueryPart extends NoSql::Query {
|
||||
MongooseFunction f;
|
||||
|
||||
MongoDBQueryPart() { this = f.getQueryArgument().getASink().asExpr() }
|
||||
MongoDBQueryPart() { this = f.getQueryArgument().asSink().asExpr() }
|
||||
|
||||
override DataFlow::Node getACodeOperator() {
|
||||
result = getADollarWhereProperty(f.getQueryArgument())
|
||||
@@ -540,7 +540,7 @@ private module Mongoose {
|
||||
|
||||
override DataFlow::Node getAQueryArgument() {
|
||||
// NB: the complete information is not easily accessible for deeply chained calls
|
||||
f.getQueryArgument().getASink() = result
|
||||
f.getQueryArgument().asSink() = result
|
||||
}
|
||||
|
||||
override DataFlow::Node getAResult() {
|
||||
@@ -770,7 +770,7 @@ private module Redis {
|
||||
RedisKeyArgument() {
|
||||
exists(string method, int argIndex |
|
||||
QuerySignatures::argumentIsAmbiguousKey(method, argIndex) and
|
||||
this = redis().getMember(method).getParameter(argIndex).getASink().asExpr()
|
||||
this = redis().getMember(method).getParameter(argIndex).asSink().asExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -739,7 +739,7 @@ module NodeJSLib {
|
||||
methodName = ["execFile", "execFileSync", "spawn", "spawnSync", "fork"]
|
||||
) and
|
||||
// all of the above methods take the command as their first argument
|
||||
result = this.getParameter(0).getASink()
|
||||
result = this.getParameter(0).asSink()
|
||||
}
|
||||
|
||||
override DataFlow::Node getACommandArgument() { result = this.getACommandArgument(_) }
|
||||
@@ -751,7 +751,7 @@ module NodeJSLib {
|
||||
override DataFlow::Node getArgumentList() {
|
||||
methodName = ["execFile", "execFileSync", "fork", "spawn", "spawnSync"] and
|
||||
// all of the above methods take the argument list as their second argument
|
||||
result = this.getParameter(1).getASink()
|
||||
result = this.getParameter(1).asSink()
|
||||
}
|
||||
|
||||
override predicate isSync() { methodName.matches("%Sync") }
|
||||
@@ -759,7 +759,7 @@ module NodeJSLib {
|
||||
override DataFlow::Node getOptionsArg() {
|
||||
not result.getALocalSource() instanceof DataFlow::FunctionNode and // looks like callback
|
||||
not result.getALocalSource() instanceof DataFlow::ArrayCreationNode and // looks like argumentlist
|
||||
not result = this.getParameter(0).getASink() and
|
||||
not result = this.getParameter(0).asSink() and
|
||||
// fork/spawn and all sync methos always has options as the last argument
|
||||
if
|
||||
methodName.matches("fork%") or
|
||||
@@ -768,7 +768,7 @@ module NodeJSLib {
|
||||
then result = this.getLastArgument()
|
||||
else
|
||||
// the rest (exec/execFile) has the options argument as their second last.
|
||||
result = this.getParameter(this.getNumArgument() - 2).getASink()
|
||||
result = this.getParameter(this.getNumArgument() - 2).asSink()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ private module Prettier {
|
||||
call = API::moduleImport("prettier").getMember("formatWithCursor").getACall()
|
||||
|
|
||||
pred = call.getArgument(0) and
|
||||
succ = call.getReturn().getMember("formatted").getASource()
|
||||
succ = call.getReturn().getMember("formatted").asSource()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -86,7 +86,7 @@ module Puppeteer {
|
||||
this = page().getMember(["addStyleTag", "addScriptTag"]).getACall()
|
||||
}
|
||||
|
||||
override DataFlow::Node getUrl() { result = getParameter(0).getMember("url").getASink() }
|
||||
override DataFlow::Node getUrl() { result = getParameter(0).getMember("url").asSink() }
|
||||
|
||||
override DataFlow::Node getHost() { none() }
|
||||
|
||||
|
||||
@@ -61,7 +61,7 @@ module Redux {
|
||||
DataFlow::SourceNode ref() { result = asApiNode().getAValueReachableFromSource() }
|
||||
|
||||
/** Gets an API node that refers to this store creation. */
|
||||
API::Node asApiNode() { result.getASource() = this }
|
||||
API::Node asApiNode() { result.asSource() = this }
|
||||
|
||||
/** Gets the data flow node holding the root reducer for this store. */
|
||||
DataFlow::Node getReducerArg() { result = super.getReducerArg() }
|
||||
@@ -94,7 +94,7 @@ module Redux {
|
||||
}
|
||||
|
||||
override DataFlow::Node getReducerArg() {
|
||||
result = getParameter(0).getMember("reducer").getASink()
|
||||
result = getParameter(0).getMember("reducer").asSink()
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -106,7 +106,7 @@ module Redux {
|
||||
private API::Node rootState() {
|
||||
result instanceof RootStateSource
|
||||
or
|
||||
stateStep(rootState().getAValueReachableFromSource(), result.getASource())
|
||||
stateStep(rootState().getAValueReachableFromSource(), result.asSource())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -120,7 +120,7 @@ module Redux {
|
||||
accessPath = joinAccessPaths(base, prop)
|
||||
)
|
||||
or
|
||||
stateStep(rootStateAccessPath(accessPath).getAValueReachableFromSource(), result.getASource())
|
||||
stateStep(rootStateAccessPath(accessPath).getAValueReachableFromSource(), result.asSource())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -193,7 +193,7 @@ module Redux {
|
||||
CombineReducers() { this = combineReducers().getACall() }
|
||||
|
||||
override DataFlow::Node getStateHandlerArg(string prop) {
|
||||
result = getParameter(0).getMember(prop).getASink()
|
||||
result = getParameter(0).getMember(prop).asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -235,7 +235,7 @@ module Redux {
|
||||
|
||||
override DataFlow::Node getActionHandlerArg(DataFlow::Node actionType) {
|
||||
exists(DataFlow::PropWrite write |
|
||||
result = getParameter(0).getAMember().getASink() and
|
||||
result = getParameter(0).getAMember().asSink() and
|
||||
write.getRhs() = result and
|
||||
actionType = write.getPropertyNameExpr().flow()
|
||||
)
|
||||
@@ -374,7 +374,7 @@ module Redux {
|
||||
|
||||
CreateSliceReducer() {
|
||||
call = API::moduleImport("@reduxjs/toolkit").getMember("createSlice").getACall() and
|
||||
this = call.getReturn().getMember("reducer").getASource()
|
||||
this = call.getReturn().getMember("reducer").asSource()
|
||||
}
|
||||
|
||||
private API::Node getABuilderRef() {
|
||||
@@ -385,14 +385,14 @@ module Redux {
|
||||
|
||||
override DataFlow::Node getActionHandlerArg(DataFlow::Node actionType) {
|
||||
exists(string name |
|
||||
result = call.getParameter(0).getMember("reducers").getMember(name).getASink() and
|
||||
actionType = call.getReturn().getMember("actions").getMember(name).getASource()
|
||||
result = call.getParameter(0).getMember("reducers").getMember(name).asSink() and
|
||||
actionType = call.getReturn().getMember("actions").getMember(name).asSource()
|
||||
)
|
||||
or
|
||||
// Properties of 'extraReducers':
|
||||
// { extraReducers: { [action]: reducer }}
|
||||
exists(DataFlow::PropWrite write |
|
||||
result = call.getParameter(0).getMember("extraReducers").getAMember().getASink() and
|
||||
result = call.getParameter(0).getMember("extraReducers").getAMember().asSink() and
|
||||
write.getRhs() = result and
|
||||
actionType = write.getPropertyNameExpr().flow()
|
||||
)
|
||||
@@ -444,8 +444,8 @@ module Redux {
|
||||
or
|
||||
// x -> bindActionCreators({ x, ... })
|
||||
exists(BindActionCreatorsCall bind, string prop |
|
||||
ref(t.continue()).flowsTo(bind.getParameter(0).getMember(prop).getASink()) and
|
||||
result = bind.getReturn().getMember(prop).getASource()
|
||||
ref(t.continue()).flowsTo(bind.getParameter(0).getMember(prop).asSink()) and
|
||||
result = bind.getReturn().getMember(prop).asSource()
|
||||
)
|
||||
or
|
||||
// x -> combineActions(x, ...)
|
||||
@@ -580,11 +580,11 @@ module Redux {
|
||||
|
||||
MultiAction() {
|
||||
createActions = API::moduleImport("redux-actions").getMember("createActions").getACall() and
|
||||
this = createActions.getReturn().getMember(name).getASource()
|
||||
this = createActions.getReturn().getMember(name).asSource()
|
||||
}
|
||||
|
||||
override DataFlow::FunctionNode getMiddlewareFunction(boolean async) {
|
||||
result.flowsTo(createActions.getParameter(0).getMember(getTypeTag()).getASink()) and
|
||||
result.flowsTo(createActions.getParameter(0).getMember(getTypeTag()).asSink()) and
|
||||
async = false
|
||||
}
|
||||
|
||||
@@ -614,12 +614,12 @@ module Redux {
|
||||
|
||||
CreateSliceAction() {
|
||||
call = API::moduleImport("@reduxjs/toolkit").getMember("createSlice").getACall() and
|
||||
this = call.getReturn().getMember("actions").getMember(actionName).getASource()
|
||||
this = call.getReturn().getMember("actions").getMember(actionName).asSource()
|
||||
}
|
||||
|
||||
override string getTypeTag() {
|
||||
exists(string prefix |
|
||||
call.getParameter(0).getMember("name").getASink().mayHaveStringValue(prefix) and
|
||||
call.getParameter(0).getMember("name").asSink().mayHaveStringValue(prefix) and
|
||||
result = prefix + "/" + actionName
|
||||
)
|
||||
}
|
||||
@@ -885,12 +885,12 @@ module Redux {
|
||||
accessPath = getAffectedStateAccessPath(reducer)
|
||||
|
|
||||
pred = function.getReturnNode() and
|
||||
succ = rootStateAccessPath(accessPath).getASource()
|
||||
succ = rootStateAccessPath(accessPath).asSource()
|
||||
or
|
||||
exists(string suffix, DataFlow::SourceNode base |
|
||||
base = [function.getParameter(0), function.getReturnNode().getALocalSource()] and
|
||||
pred = AccessPath::getAnAssignmentTo(base, suffix) and
|
||||
succ = rootStateAccessPath(accessPath + "." + suffix).getASource()
|
||||
succ = rootStateAccessPath(accessPath + "." + suffix).asSource()
|
||||
)
|
||||
)
|
||||
or
|
||||
@@ -901,7 +901,7 @@ module Redux {
|
||||
reducer.isRootStateHandler() and
|
||||
base = [function.getParameter(0), function.getReturnNode().getALocalSource()] and
|
||||
pred = AccessPath::getAnAssignmentTo(base, suffix) and
|
||||
succ = rootStateAccessPath(suffix).getASource()
|
||||
succ = rootStateAccessPath(suffix).asSource()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -994,7 +994,7 @@ module Redux {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(API::CallNode call |
|
||||
call = useSelector().getACall() and
|
||||
pred = call.getParameter(0).getReturn().getASink() and
|
||||
pred = call.getParameter(0).getReturn().asSink() and
|
||||
succ = call
|
||||
)
|
||||
}
|
||||
@@ -1046,19 +1046,19 @@ module Redux {
|
||||
//
|
||||
// const mapDispatchToProps = { foo }
|
||||
//
|
||||
result = getMapDispatchToProps().getMember(name).getASink()
|
||||
result = getMapDispatchToProps().getMember(name).asSink()
|
||||
or
|
||||
//
|
||||
// const mapDispatchToProps = dispatch => ( { foo } )
|
||||
//
|
||||
result = getMapDispatchToProps().getReturn().getMember(name).getASink()
|
||||
result = getMapDispatchToProps().getReturn().getMember(name).asSink()
|
||||
or
|
||||
// Explicitly bound by bindActionCreators:
|
||||
//
|
||||
// const mapDispatchToProps = dispatch => bindActionCreators({ foo }, dispatch);
|
||||
//
|
||||
exists(BindActionCreatorsCall bind |
|
||||
bind.flowsTo(getMapDispatchToProps().getReturn().getASink()) and
|
||||
bind.flowsTo(getMapDispatchToProps().getReturn().asSink()) and
|
||||
result = bind.getOptionArgument(0, name)
|
||||
)
|
||||
}
|
||||
@@ -1113,12 +1113,12 @@ module Redux {
|
||||
|
||||
override API::Node getMapStateToProps() {
|
||||
result = getAParameter() and
|
||||
result.getASink().asExpr().(Identifier).getName() = "mapStateToProps"
|
||||
result.asSink().asExpr().(Identifier).getName() = "mapStateToProps"
|
||||
}
|
||||
|
||||
override API::Node getMapDispatchToProps() {
|
||||
result = getAParameter() and
|
||||
result.getASink().asExpr().(Identifier).getName() = "mapDispatchToProps"
|
||||
result.asSink().asExpr().(Identifier).getName() = "mapDispatchToProps"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1128,7 +1128,7 @@ module Redux {
|
||||
private class StateToPropsStep extends StateStep {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(ConnectCall call |
|
||||
pred = call.getMapStateToProps().getReturn().getASink() and
|
||||
pred = call.getMapStateToProps().getReturn().asSink() and
|
||||
succ = call.getReactComponent().getADirectPropsAccess()
|
||||
)
|
||||
}
|
||||
@@ -1219,13 +1219,13 @@ module Redux {
|
||||
// Return value of `i`th callback flows to the `i`th parameter of the last callback.
|
||||
exists(CreateSelectorCall call, int index |
|
||||
call.getNumArgument() > 1 and
|
||||
pred = call.getSelectorFunction(index).getReturn().getASink() and
|
||||
succ = call.getLastParameter().getParameter(index).getASource()
|
||||
pred = call.getSelectorFunction(index).getReturn().asSink() and
|
||||
succ = call.getLastParameter().getParameter(index).asSource()
|
||||
)
|
||||
or
|
||||
// The result of the last callback is the final result
|
||||
exists(CreateSelectorCall call |
|
||||
pred = call.getLastParameter().getReturn().getASink() and
|
||||
pred = call.getLastParameter().getReturn().asSink() and
|
||||
succ = call
|
||||
)
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ module SQL {
|
||||
abstract class SqlString extends Expr { }
|
||||
|
||||
private class SqlStringFromModel extends SqlString {
|
||||
SqlStringFromModel() { this = ModelOutput::getASinkNode("sql-injection").getASink().asExpr() }
|
||||
SqlStringFromModel() { this = ModelOutput::getASinkNode("sql-injection").asSink().asExpr() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -109,7 +109,7 @@ private module MySql {
|
||||
Credentials() {
|
||||
exists(API::Node callee, string prop |
|
||||
callee in [createConnection(), createPool()] and
|
||||
this = callee.getParameter(0).getMember(prop).getASink().asExpr() and
|
||||
this = callee.getParameter(0).getMember(prop).asSink().asExpr() and
|
||||
(
|
||||
prop = "user" and kind = "user name"
|
||||
or
|
||||
@@ -200,7 +200,7 @@ private module Postgres {
|
||||
QueryString() {
|
||||
this = any(QueryCall qc).getAQueryArgument().asExpr()
|
||||
or
|
||||
this = API::moduleImport("pg-cursor").getParameter(0).getASink().asExpr()
|
||||
this = API::moduleImport("pg-cursor").getParameter(0).asSink().asExpr()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -210,9 +210,9 @@ private module Postgres {
|
||||
|
||||
Credentials() {
|
||||
exists(string prop |
|
||||
this = [newClient(), newPool()].getParameter(0).getMember(prop).getASink().asExpr()
|
||||
this = [newClient(), newPool()].getParameter(0).getMember(prop).asSink().asExpr()
|
||||
or
|
||||
this = pgPromise().getParameter(0).getMember(prop).getASink().asExpr()
|
||||
this = pgPromise().getParameter(0).getMember(prop).asSink().asExpr()
|
||||
|
|
||||
prop = "user" and kind = "user name"
|
||||
or
|
||||
@@ -383,7 +383,7 @@ private module Sqlite {
|
||||
/** A call to a Sqlite query method. */
|
||||
private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
|
||||
QueryCall() {
|
||||
this = getAChainingQueryCall().getASource()
|
||||
this = getAChainingQueryCall().asSource()
|
||||
or
|
||||
this = database().getMember("prepare").getACall()
|
||||
}
|
||||
@@ -495,7 +495,7 @@ private module MsSql {
|
||||
or
|
||||
callee = mssql().getMember("ConnectionPool")
|
||||
) and
|
||||
this = callee.getParameter(0).getMember(prop).getASink().asExpr() and
|
||||
this = callee.getParameter(0).getMember(prop).asSink().asExpr() and
|
||||
(
|
||||
prop = "user" and kind = "user name"
|
||||
or
|
||||
|
||||
@@ -27,7 +27,7 @@ private module Snapdragon {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(string methodName, API::CallNode set, API::CallNode call, API::Node base |
|
||||
// the handler, registered with a call to `.set`.
|
||||
set = getSetCall+(base.getMember(methodName + "r")).getASource() and
|
||||
set = getSetCall+(base.getMember(methodName + "r")).asSource() and
|
||||
// the snapdragon instance. The API is chaining, you can also use the instance directly.
|
||||
base = API::moduleImport("snapdragon").getInstance() and
|
||||
methodName = ["parse", "compile"] and
|
||||
@@ -47,7 +47,7 @@ private module Snapdragon {
|
||||
or
|
||||
// for compiler handlers the input is the first parameter.
|
||||
methodName = "compile" and
|
||||
succ = set.getParameter(1).getParameter(0).getASource()
|
||||
succ = set.getParameter(1).getParameter(0).asSource()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ module SocketIO {
|
||||
class ServerObject extends SocketIOObject {
|
||||
API::Node node;
|
||||
|
||||
ServerObject() { node = newServer() and this = node.getASource() }
|
||||
ServerObject() { node = newServer() and this = node.asSource() }
|
||||
|
||||
/** Gets the Api node for this server. */
|
||||
API::Node asApiNode() { result = node }
|
||||
@@ -119,7 +119,7 @@ module SocketIO {
|
||||
API::Node node;
|
||||
|
||||
NamespaceBase() {
|
||||
this = node.getASource() and
|
||||
this = node.asSource() and
|
||||
exists(ServerObject srv |
|
||||
// namespace lookup on `srv`
|
||||
node = srv.asApiNode().getMember("sockets") and
|
||||
|
||||
@@ -233,7 +233,7 @@ module Templating {
|
||||
/** Gets an API node that may flow to `succ` through a template instantiation. */
|
||||
private API::Node getTemplateInput(DataFlow::SourceNode succ) {
|
||||
exists(TemplateInstantiation inst, API::Node base, string name |
|
||||
base.getASink() = inst.getTemplateParamsNode() and
|
||||
base.asSink() = inst.getTemplateParamsNode() and
|
||||
result = base.getMember(name) and
|
||||
succ =
|
||||
inst.getTemplateFile()
|
||||
@@ -244,7 +244,7 @@ module Templating {
|
||||
)
|
||||
or
|
||||
exists(TemplateInstantiation inst, string accessPath |
|
||||
result.getASink() = inst.getTemplateParamForValue(accessPath) and
|
||||
result.asSink() = inst.getTemplateParamForValue(accessPath) and
|
||||
succ =
|
||||
inst.getTemplateFile()
|
||||
.getAnImportedFile*()
|
||||
@@ -261,7 +261,7 @@ module Templating {
|
||||
|
||||
private class TemplateInputStep extends DataFlow::SharedFlowStep {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
getTemplateInput(succ).getASink() = pred
|
||||
getTemplateInput(succ).asSink() = pred
|
||||
}
|
||||
}
|
||||
|
||||
@@ -321,7 +321,7 @@ module Templating {
|
||||
result = this.getStringValue()
|
||||
or
|
||||
exists(API::Node node |
|
||||
this = node.getASink() and
|
||||
this = node.asSink() and
|
||||
result = node.getAValueReachingSink().getStringValue()
|
||||
)
|
||||
}
|
||||
@@ -716,7 +716,7 @@ module Templating {
|
||||
override TemplateSyntax getTemplateSyntax() { result.getAPackageName() = engine }
|
||||
|
||||
override DataFlow::SourceNode getOutput() {
|
||||
result = this.getParameter([1, 2]).getParameter(1).getASource()
|
||||
result = this.getParameter([1, 2]).getParameter(1).asSource()
|
||||
or
|
||||
not exists(this.getParameter([1, 2]).getParameter(1)) and
|
||||
result = this
|
||||
|
||||
@@ -21,7 +21,7 @@ module ParseTorrent {
|
||||
node = mod().getReturn() or
|
||||
node = mod().getMember("remote").getParameter(1).getParameter(1)
|
||||
) and
|
||||
this = node.getASource()
|
||||
this = node.asSource()
|
||||
}
|
||||
|
||||
/** Gets the API node for this torrent object. */
|
||||
@@ -40,7 +40,7 @@ module ParseTorrent {
|
||||
UserControlledTorrentInfo() {
|
||||
exists(API::Node read |
|
||||
read = any(ParsedTorrent t).asApiNode().getAMember() and
|
||||
this = read.getASource()
|
||||
this = read.asSource()
|
||||
|
|
||||
exists(string prop |
|
||||
not (
|
||||
|
||||
@@ -36,7 +36,7 @@ module TrustedTypes {
|
||||
private class PolicyInputStep extends DataFlow::SharedFlowStep {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(PolicyCreation policy, string method |
|
||||
pred = policy.getReturn().getMember(method).getParameter(0).getASink() and
|
||||
pred = policy.getReturn().getMember(method).getParameter(0).asSink() and
|
||||
succ = policy.getPolicyCallback(method).getParameter(0)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -190,7 +190,7 @@ module Querystringify {
|
||||
* Gets a data flow source node for member `name` of the querystringify library.
|
||||
*/
|
||||
DataFlow::SourceNode querystringifyMember(string name) {
|
||||
result = querystringify().getMember(name).getASource()
|
||||
result = querystringify().getMember(name).asSource()
|
||||
}
|
||||
|
||||
/** Gets an API node referring to the `querystringify` module. */
|
||||
|
||||
@@ -37,7 +37,7 @@ module Vue {
|
||||
/**
|
||||
* Gets a reference to the 'Vue' object.
|
||||
*/
|
||||
DataFlow::SourceNode vue() { result = vueLibrary().getASource() }
|
||||
DataFlow::SourceNode vue() { result = vueLibrary().asSource() }
|
||||
|
||||
/** Gets an API node referring to a component or `Vue`. */
|
||||
private API::Node component() {
|
||||
@@ -173,7 +173,7 @@ module Vue {
|
||||
/** Gets a component which is extended by this one. */
|
||||
Component getABaseComponent() {
|
||||
result.getComponentRef().getAValueReachableFromSource() =
|
||||
getOwnOptions().getMember(["extends", "mixins"]).getASink()
|
||||
getOwnOptions().getMember(["extends", "mixins"]).asSink()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -196,7 +196,7 @@ module Vue {
|
||||
* Gets the options passed to the Vue object, such as the object literal `{...}` in `new Vue{{...})`
|
||||
* or the default export of a single-file component.
|
||||
*/
|
||||
deprecated DataFlow::Node getOwnOptionsObject() { result = getOwnOptions().getASink() }
|
||||
deprecated DataFlow::Node getOwnOptionsObject() { result = getOwnOptions().asSink() }
|
||||
|
||||
/**
|
||||
* Gets the class implementing this Vue component, if any.
|
||||
@@ -210,13 +210,13 @@ module Vue {
|
||||
* Gets the node for option `name` for this component, not including
|
||||
* those from extended objects and mixins.
|
||||
*/
|
||||
DataFlow::Node getOwnOption(string name) { result = getOwnOptions().getMember(name).getASink() }
|
||||
DataFlow::Node getOwnOption(string name) { result = getOwnOptions().getMember(name).asSink() }
|
||||
|
||||
/**
|
||||
* Gets the node for option `name` for this component, including those from
|
||||
* extended objects and mixins.
|
||||
*/
|
||||
DataFlow::Node getOption(string name) { result = getOptions().getMember(name).getASink() }
|
||||
DataFlow::Node getOption(string name) { result = getOptions().getMember(name).asSink() }
|
||||
|
||||
/**
|
||||
* Gets a source node flowing into the option `name` of this component, including those from
|
||||
@@ -324,10 +324,10 @@ module Vue {
|
||||
}
|
||||
|
||||
/** Gets an API node referring to an instance of this component. */
|
||||
API::Node getInstance() { result.getASource() = getABoundFunction().getReceiver() }
|
||||
API::Node getInstance() { result.asSource() = getABoundFunction().getReceiver() }
|
||||
|
||||
/** Gets a data flow node referring to an instance of this component. */
|
||||
DataFlow::SourceNode getAnInstanceRef() { result = getInstance().getASource() }
|
||||
DataFlow::SourceNode getAnInstanceRef() { result = getInstance().asSource() }
|
||||
|
||||
pragma[noinline]
|
||||
private DataFlow::PropWrite getAPropertyValueWrite(string name) {
|
||||
@@ -527,13 +527,13 @@ module Vue {
|
||||
// of the .vue file.
|
||||
exists(Import imprt |
|
||||
imprt.getImportedPath().resolve() = file and
|
||||
result.getASource() = imprt.getImportedModuleNode()
|
||||
result.asSource() = imprt.getImportedModuleNode()
|
||||
)
|
||||
}
|
||||
|
||||
override API::Node getOwnOptions() {
|
||||
// Use the entry point generated by `VueExportEntryPoint`
|
||||
result.getASink() = getModule().getDefaultOrBulkExport()
|
||||
result.asSink() = getModule().getDefaultOrBulkExport()
|
||||
}
|
||||
|
||||
override string toString() { result = file.toString() }
|
||||
@@ -689,7 +689,7 @@ module Vue {
|
||||
t.start() and
|
||||
(
|
||||
exists(API::Node router | router = API::moduleImport("vue-router") |
|
||||
result = router.getInstance().getMember("currentRoute").getASource()
|
||||
result = router.getInstance().getMember("currentRoute").asSource()
|
||||
or
|
||||
result =
|
||||
router
|
||||
@@ -697,13 +697,12 @@ module Vue {
|
||||
.getMember(["beforeEach", "beforeResolve", "afterEach"])
|
||||
.getParameter(0)
|
||||
.getParameter([0, 1])
|
||||
.getASource()
|
||||
.asSource()
|
||||
or
|
||||
result =
|
||||
router.getParameter(0).getMember("scrollBehavior").getParameter([0, 1]).getASource()
|
||||
result = router.getParameter(0).getMember("scrollBehavior").getParameter([0, 1]).asSource()
|
||||
)
|
||||
or
|
||||
result = routeConfig().getMember("beforeEnter").getParameter([0, 1]).getASource()
|
||||
result = routeConfig().getMember("beforeEnter").getParameter([0, 1]).asSource()
|
||||
or
|
||||
exists(Component c |
|
||||
result = c.getABoundFunction().getAFunctionValue().getReceiver().getAPropertyRead("$route")
|
||||
|
||||
@@ -118,10 +118,10 @@ module Vuex {
|
||||
Vue::Component getVueComponent() {
|
||||
exists(DataFlow::ObjectLiteralNode obj |
|
||||
obj.getASpreadProperty() = getReturn().getAValueReachableFromSource() and
|
||||
result.getOwnOptions().getAMember().getASink() = obj
|
||||
result.getOwnOptions().getAMember().asSink() = obj
|
||||
)
|
||||
or
|
||||
result.getOwnOptions().getAMember().getASink() = this
|
||||
result.getOwnOptions().getAMember().asSink() = this
|
||||
}
|
||||
}
|
||||
|
||||
@@ -147,7 +147,7 @@ module Vuex {
|
||||
/** Gets a value that is returned by a getter registered with the given name. */
|
||||
private DataFlow::Node getterPred(string name) {
|
||||
exists(string prefix, string prop |
|
||||
result = storeConfigObject(prefix).getMember("getters").getMember(prop).getReturn().getASink() and
|
||||
result = storeConfigObject(prefix).getMember("getters").getMember(prop).getReturn().asSink() and
|
||||
name = prefix + prop
|
||||
)
|
||||
}
|
||||
@@ -155,12 +155,12 @@ module Vuex {
|
||||
/** Gets a property access that may receive the produced by a getter of the given name. */
|
||||
private DataFlow::Node getterSucc(string name) {
|
||||
exists(string prefix, string prop |
|
||||
result = storeRef(prefix).getMember("getters").getMember(prop).getASource() and
|
||||
result = storeRef(prefix).getMember("getters").getMember(prop).asSource() and
|
||||
prop != "*" and
|
||||
name = prefix + prop
|
||||
)
|
||||
or
|
||||
result = getAMappedAccess("mapGetters", name).getASource()
|
||||
result = getAMappedAccess("mapGetters", name).asSource()
|
||||
}
|
||||
|
||||
/** Holds if `pred -> succ` is a step from a getter function to a relevant property access. */
|
||||
@@ -225,7 +225,7 @@ module Vuex {
|
||||
or
|
||||
// this.name(payload)
|
||||
// methods: {...mapMutations(['name'])} }
|
||||
result = getAMappedAccess(getMapHelperForCommitKind(kind), name).getParameter(0).getASink()
|
||||
result = getAMappedAccess(getMapHelperForCommitKind(kind), name).getParameter(0).asSink()
|
||||
}
|
||||
|
||||
/** Gets a node that refers the payload of a committed mutation with the given `name.` */
|
||||
@@ -239,7 +239,7 @@ module Vuex {
|
||||
.getMember(getStorePropForCommitKind(kind))
|
||||
.getMember(prop)
|
||||
.getParameter(1)
|
||||
.getASource() and
|
||||
.asSource() and
|
||||
prop != "*" and
|
||||
name = prefix + prop
|
||||
)
|
||||
@@ -294,7 +294,7 @@ module Vuex {
|
||||
|
||||
/** Gets a value that flows into the given access path of the state. */
|
||||
DataFlow::Node stateMutationPred(string path) {
|
||||
result = stateRefByAccessPath(path).getASink()
|
||||
result = stateRefByAccessPath(path).asSink()
|
||||
or
|
||||
exists(ExtendCall call, string base, string prop |
|
||||
call.getDestinationOperand() = stateRefByAccessPath(base).getAValueReachableFromSource() and
|
||||
@@ -304,7 +304,7 @@ module Vuex {
|
||||
}
|
||||
|
||||
/** Gets a value that refers to the given access path of the state. */
|
||||
DataFlow::Node stateMutationSucc(string path) { result = stateRefByAccessPath(path).getASource() }
|
||||
DataFlow::Node stateMutationSucc(string path) { result = stateRefByAccessPath(path).asSource() }
|
||||
|
||||
/** Holds if `pred -> succ` is a step from state mutation to state access. */
|
||||
predicate stateMutationStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
@@ -324,7 +324,7 @@ module Vuex {
|
||||
exists(MapHelperCall call |
|
||||
call.getHelperName() = "mapState" and
|
||||
component = call.getVueComponent() and
|
||||
result = call.getLastParameter().getMember(name).getReturn().getASink()
|
||||
result = call.getLastParameter().getMember(name).getReturn().asSink()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -335,7 +335,7 @@ module Vuex {
|
||||
predicate mapStateHelperStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(Vue::Component component, string name |
|
||||
pred = mapStateHelperPred(component, name) and
|
||||
succ = pragma[only_bind_out](component).getInstance().getMember(name).getASource()
|
||||
succ = pragma[only_bind_out](component).getInstance().getMember(name).asSource()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -377,7 +377,7 @@ module Vuex {
|
||||
|
||||
/** Gets a package that can be considered an entry point for a Vuex app. */
|
||||
private PackageJson entryPointPackage() {
|
||||
result = getPackageJson(storeRef().getASource().getFile())
|
||||
result = getPackageJson(storeRef().asSource().getFile())
|
||||
or
|
||||
// Any package that imports a store-creating package is considered a potential entry point.
|
||||
packageDependsOn(result, entryPointPackage())
|
||||
|
||||
@@ -100,7 +100,7 @@ module XML {
|
||||
}
|
||||
|
||||
override DataFlow::Node getAResult() {
|
||||
result = [doc(), element(), attr()].getASource()
|
||||
result = [doc(), element(), attr()].asSource()
|
||||
or
|
||||
result = element().getMember(["name", "text"]).getACall()
|
||||
or
|
||||
@@ -282,7 +282,7 @@ module XML {
|
||||
|
||||
override DataFlow::Node getAResult() {
|
||||
result =
|
||||
parser.getReturn().getMember(any(string s | s.matches("on%"))).getAParameter().getASource()
|
||||
parser.getReturn().getMember(any(string s | s.matches("on%"))).getAParameter().asSource()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ import Shared::ModelOutput as ModelOutput
|
||||
* A remote flow source originating from a CSV source row.
|
||||
*/
|
||||
private class RemoteFlowSourceFromCsv extends RemoteFlowSource {
|
||||
RemoteFlowSourceFromCsv() { this = ModelOutput::getASourceNode("remote").getASource() }
|
||||
RemoteFlowSourceFromCsv() { this = ModelOutput::getASourceNode("remote").asSource() }
|
||||
|
||||
override string getSourceType() { result = "Remote flow" }
|
||||
}
|
||||
@@ -37,8 +37,8 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource {
|
||||
private predicate summaryStepNodes(DataFlow::Node pred, DataFlow::Node succ, string kind) {
|
||||
exists(API::Node predNode, API::Node succNode |
|
||||
Specific::summaryStep(predNode, succNode, kind) and
|
||||
pred = predNode.getASink() and
|
||||
succ = succNode.getASource()
|
||||
pred = predNode.asSink() and
|
||||
succ = succNode.asSource()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -149,7 +149,7 @@ API::Node getExtraSuccessorFromInvoke(API::InvokeNode node, AccessPathToken toke
|
||||
or
|
||||
token.getName() = "Argument" and
|
||||
token.getAnArgument() = "this" and
|
||||
result.getASink() = node.(DataFlow::CallNode).getReceiver()
|
||||
result.asSink() = node.(DataFlow::CallNode).getReceiver()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -49,7 +49,7 @@ module DomBasedXss {
|
||||
or
|
||||
// A construction of a JSDOM object (server side DOM), where scripts are allowed.
|
||||
exists(DataFlow::NewNode instance |
|
||||
instance = API::moduleImport("jsdom").getMember("JSDOM").getInstance().getASource() and
|
||||
instance = API::moduleImport("jsdom").getMember("JSDOM").getInstance().asSource() and
|
||||
this = instance.getArgument(0) and
|
||||
instance.getOptionArgument(1, "runScripts").mayHaveStringValue("dangerously")
|
||||
)
|
||||
|
||||
@@ -62,7 +62,7 @@ module ExceptionXss {
|
||||
*/
|
||||
private class JsonSchemaValidationError extends Source {
|
||||
JsonSchemaValidationError() {
|
||||
this = any(JsonSchema::Ajv::Instance i).getAValidationError().getASource()
|
||||
this = any(JsonSchema::Ajv::Instance i).getAValidationError().asSource()
|
||||
or
|
||||
this = any(JsonSchema::Joi::JoiValidationErrorRead r).getAValidationResultAccess(_)
|
||||
}
|
||||
|
||||
@@ -48,7 +48,7 @@ module ExternalApiUsedWithUntrustedData {
|
||||
}
|
||||
|
||||
/** Holds if `node` corresponds to a deep object argument. */
|
||||
private predicate isDeepObjectSink(API::Node node) { node.getASink() instanceof DeepObjectSink }
|
||||
private predicate isDeepObjectSink(API::Node node) { node.asSink() instanceof DeepObjectSink }
|
||||
|
||||
/**
|
||||
* A sanitizer for data flowing to an external API.
|
||||
@@ -165,9 +165,9 @@ module ExternalApiUsedWithUntrustedData {
|
||||
not param = base.getReceiver()
|
||||
|
|
||||
result = param and
|
||||
name = param.getASource().asExpr().(Parameter).getName()
|
||||
name = param.asSource().asExpr().(Parameter).getName()
|
||||
or
|
||||
param.getASource().asExpr() instanceof DestructuringPattern and
|
||||
param.asSource().asExpr() instanceof DestructuringPattern and
|
||||
result = param.getMember(name)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -74,7 +74,7 @@ module IndirectCommandInjection {
|
||||
].getMember("parse").getACall()
|
||||
or
|
||||
// `require('commander').myCmdArgumentName`
|
||||
this = commander().getAMember().getASource()
|
||||
this = commander().getAMember().asSource()
|
||||
or
|
||||
// `require('commander').opt()` => `{a: ..., b: ...}`
|
||||
this = commander().getMember("opts").getACall()
|
||||
|
||||
@@ -152,7 +152,7 @@ abstract class RateLimitingMiddleware extends DataFlow::SourceNode {
|
||||
* A rate limiter constructed using the `express-rate-limit` package.
|
||||
*/
|
||||
class ExpressRateLimit extends RateLimitingMiddleware {
|
||||
ExpressRateLimit() { this = API::moduleImport("express-rate-limit").getReturn().getASource() }
|
||||
ExpressRateLimit() { this = API::moduleImport("express-rate-limit").getReturn().asSource() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -160,7 +160,7 @@ class ExpressRateLimit extends RateLimitingMiddleware {
|
||||
*/
|
||||
class BruteForceRateLimit extends RateLimitingMiddleware {
|
||||
BruteForceRateLimit() {
|
||||
this = API::moduleImport("express-brute").getInstance().getMember("prevent").getASource()
|
||||
this = API::moduleImport("express-brute").getInstance().getMember("prevent").asSource()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -172,7 +172,7 @@ class BruteForceRateLimit extends RateLimitingMiddleware {
|
||||
*/
|
||||
class RouteHandlerLimitedByExpressLimiter extends RateLimitingMiddleware {
|
||||
RouteHandlerLimitedByExpressLimiter() {
|
||||
this = API::moduleImport("express-limiter").getReturn().getReturn().getASource()
|
||||
this = API::moduleImport("express-limiter").getReturn().getReturn().asSource()
|
||||
}
|
||||
|
||||
override Routing::Node getRoutingNode() {
|
||||
@@ -209,7 +209,7 @@ class RateLimiterFlexibleRateLimiter extends DataFlow::FunctionNode {
|
||||
rateLimiterClass = API::moduleImport("rate-limiter-flexible").getMember(rateLimiterClassName) and
|
||||
rateLimiterConsume = rateLimiterClass.getInstance().getMember("consume") and
|
||||
request.getParameter() = getRouteHandlerParameter(this.getFunction(), "request") and
|
||||
request.getAPropertyRead().flowsTo(rateLimiterConsume.getAParameter().getASink())
|
||||
request.getAPropertyRead().flowsTo(rateLimiterConsume.getAParameter().asSink())
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -173,7 +173,7 @@ private class ExternalRemoteFlowSourceSpecEntryPoint extends API::EntryPoint {
|
||||
private class ExternalRemoteFlowSource extends RemoteFlowSource {
|
||||
RemoteFlowSourceAccessPath ap;
|
||||
|
||||
ExternalRemoteFlowSource() { Stages::Taint::ref() and this = ap.resolve().getASource() }
|
||||
ExternalRemoteFlowSource() { Stages::Taint::ref() and this = ap.resolve().asSource() }
|
||||
|
||||
override string getSourceType() { result = ap.getSourceType() }
|
||||
}
|
||||
|
||||
@@ -51,7 +51,7 @@ module SqlInjection {
|
||||
this = any(LdapJS::ClientCall call).getArgument(0)
|
||||
or
|
||||
// A search options object, which contains a filter and a baseDN.
|
||||
this = any(LdapJS::SearchOptions opt).getASink()
|
||||
this = any(LdapJS::SearchOptions opt).asSink()
|
||||
or
|
||||
// A call to "parseDN", which parses a DN from a string.
|
||||
this = LdapJS::ldapjs().getMember("parseDN").getACall().getArgument(0)
|
||||
|
||||
@@ -681,7 +681,7 @@ module TaintedPath {
|
||||
.getMember(["pdf", "screenshot"])
|
||||
.getParameter(0)
|
||||
.getMember("path")
|
||||
.getASink()
|
||||
.asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -702,7 +702,7 @@ module TaintedPath {
|
||||
.getACall()
|
||||
.getParameter(1)
|
||||
.getMember("config")
|
||||
.getASink()
|
||||
.asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -716,7 +716,7 @@ module TaintedPath {
|
||||
.getMember(["readPackageAsync", "readPackageSync"])
|
||||
.getParameter(0)
|
||||
.getMember("cwd")
|
||||
.getASink()
|
||||
.asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -726,8 +726,8 @@ module TaintedPath {
|
||||
private class ShellCwdSink extends TaintedPath::Sink {
|
||||
ShellCwdSink() {
|
||||
exists(SystemCommandExecution sys, API::Node opts |
|
||||
opts.getASink() = sys.getOptionsArg() and // assuming that an API::Node exists here.
|
||||
this = opts.getMember("cwd").getASink()
|
||||
opts.asSink() = sys.getOptionsArg() and // assuming that an API::Node exists here.
|
||||
this = opts.getMember("cwd").asSink()
|
||||
)
|
||||
}
|
||||
}
|
||||
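Review bot: `ShellCwdSink` only matches when the options argument has an API-graph node, as the trailing comment on `opts.asSink() = sys.getOptionsArg()` admits. When that assumption does not hold, the `exists` has no solution and a tainted `cwd` option is silently not reported. Either spell that consequence out in the comment, e.g. `// no API::Node for the options argument => no sink here (possible false negative)`, or add a plain data-flow fallback inside the `exists`, such as `or this = sys.getOptionsArg().getALocalSource().getAPropertyWrite("cwd").getRhs()`. Whether the API graph always covers these arguments cannot be told from this hunk, so the fallback should be checked against the existing TaintedPath tests.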
|
||||
@@ -208,7 +208,7 @@ module XssThroughDom {
|
||||
exists(API::Node useForm |
|
||||
useForm = API::moduleImport("react-hook-form").getMember("useForm").getReturn()
|
||||
|
|
||||
this = useForm.getMember("handleSubmit").getParameter(0).getParameter(0).getASource()
|
||||
this = useForm.getMember("handleSubmit").getParameter(0).getParameter(0).asSource()
|
||||
or
|
||||
this = useForm.getMember("getValues").getACall()
|
||||
)
|
||||
|
||||
@@ -103,7 +103,7 @@ module ZipSlip {
|
||||
class JSZipFilesSource extends Source instanceof DynamicPropertyAccess::EnumeratedPropName {
|
||||
JSZipFilesSource() {
|
||||
super.getSourceObject() =
|
||||
API::moduleImport("jszip").getInstance().getMember("files").getASource()
|
||||
API::moduleImport("jszip").getInstance().getMember("files").asSource()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -116,7 +116,7 @@ module ZipSlip {
|
||||
.getMember(["forEach", "filter"])
|
||||
.getParameter(0)
|
||||
.getParameter(0)
|
||||
.getASource()
|
||||
.asSource()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ where
|
||||
or
|
||||
// the same thing, but with API-nodes if they happen to be available
|
||||
exists(API::Node tlsInvk | tlsInvk.getAnInvocation() = tlsInvocation() |
|
||||
disable.getRhs() = tlsInvk.getAParameter().getMember("rejectUnauthorized").getASink()
|
||||
disable.getRhs() = tlsInvk.getAParameter().getMember("rejectUnauthorized").asSink()
|
||||
)
|
||||
) and
|
||||
disable.getRhs().(AnalyzedNode).getTheBooleanValue() = false
|
||||
|
||||
@@ -143,7 +143,7 @@ API::CallNode passportAuthenticateCall() {
|
||||
*/
|
||||
API::CallNode nonSessionBasedAuthMiddleware() {
|
||||
result = passportAuthenticateCall() and
|
||||
result.getParameter(1).getMember("session").getASink().mayHaveBooleanValue(false)
|
||||
result.getParameter(1).getMember("session").asSink().mayHaveBooleanValue(false)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
import javascript
|
||||
import meta.MetaMetrics
|
||||
|
||||
select projectRoot(), count(any(API::Node nd).getASink())
|
||||
select projectRoot(), count(any(API::Node nd).asSink())
|
||||
|
||||
@@ -21,7 +21,7 @@ import javascript
|
||||
|
||||
private DataFlow::Node getNode(API::Node nd, string kind) {
|
||||
kind = "def" and
|
||||
result = nd.getASink()
|
||||
result = nd.asSink()
|
||||
or
|
||||
kind = "use" and
|
||||
result = nd.getAValueReachableFromSource()
|
||||
|
||||
@@ -3,9 +3,9 @@ import javascript
|
||||
class FooCall extends API::CallNode {
|
||||
FooCall() { this = API::moduleImport("mylibrary").getMember("foo").getACall() }
|
||||
|
||||
DataFlow::Node getFirst() { result = getParameter(0).getMember("value").getASink() }
|
||||
DataFlow::Node getFirst() { result = getParameter(0).getMember("value").asSink() }
|
||||
|
||||
DataFlow::Node getSecond() { result = getParameter(1).getMember("value").getASink() }
|
||||
DataFlow::Node getSecond() { result = getParameter(1).getMember("value").asSink() }
|
||||
}
|
||||
|
||||
query predicate values(FooCall call, int first, int second) {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import javascript
|
||||
|
||||
from string mod, string tp
|
||||
select mod, tp, API::Node::ofType(mod, tp).getASource()
|
||||
select mod, tp, API::Node::ofType(mod, tp).asSource()
|
||||
|
||||
@@ -9,12 +9,12 @@ class Taint extends TaintTracking::Configuration {
|
||||
override predicate isSource(DataFlow::Node node) {
|
||||
node.(DataFlow::CallNode).getCalleeName() = "source"
|
||||
or
|
||||
node = testInstance().getMember("getSource").getReturn().getASource()
|
||||
node = testInstance().getMember("getSource").getReturn().asSource()
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node node) {
|
||||
node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
|
||||
or
|
||||
node = testInstance().getMember("getSink").getAParameter().getASink()
|
||||
node = testInstance().getMember("getSink").getAParameter().asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,13 +62,13 @@ class BasicTaintTracking extends TaintTracking::Configuration {
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
source.(DataFlow::CallNode).getCalleeName() = "source"
|
||||
or
|
||||
source = ModelOutput::getASourceNode("test-source").getASource()
|
||||
source = ModelOutput::getASourceNode("test-source").asSource()
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
|
||||
or
|
||||
sink = ModelOutput::getASinkNode("test-sink").getASink()
|
||||
sink = ModelOutput::getASinkNode("test-sink").asSink()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
|
||||
}
|
||||
|
||||
query predicate isSink(DataFlow::Node node, string kind) {
|
||||
node = ModelOutput::getASinkNode(kind).getASink()
|
||||
node = ModelOutput::getASinkNode(kind).asSink()
|
||||
}
|
||||
|
||||
class SyntaxErrorTest extends ModelInput::SinkModelCsv {
|
||||
|
||||