hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

base implementation of Sequelize model on models-as-data

Browse Source
This commit is contained in:
Stephan Brandauer
2022-01-13 09:39:52 +01:00
parent 09a28c428c
commit 63aaf24063
1 changed files with 10 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
View File

@@ -435,7 +435,7 @@ private module MsSql {
API::Node pool() { result = mssqlClass("ConnectionPool") }
/** A tagged template evaluated as a query. */
private class QueryTemplateExpr extends DatabaseAccess, DataFlow::ValueNode {
private class QueryTemplateExpr extends DatabaseAccess, DataFlow::ValueNode, DataFlow::SourceNode {
override TaggedTemplateExpr astNode;
QueryTemplateExpr() {
@@ -443,8 +443,7 @@ private module MsSql {
}
override DataFlow::Node getAResult() {
PromiseFlow::loadStep(this.(DataFlow::SourceNode).getALocalUse(), result,
Promises::valueProp())
PromiseFlow::loadStep(this.getALocalUse(), result, Promises::valueProp())
}
override DataFlow::Node getAQueryArgument() {
@@ -524,31 +523,6 @@ private module Sequelize {
}
}
/** Gets an import of the `sequelize` module or one that re-exports it. */
API::Node sequelize() { result = API::moduleImport(["sequelize", "sequelize-typescript"]) }
/** Gets an expression that creates an instance of the `Sequelize` class. */
API::Node instance() {
result = [sequelize(), sequelize().getMember("Sequelize")].getInstance()
or
result = API::Node::ofType(["sequelize", "sequelize-typescript"], ["Sequelize", "default"])
}
/** A call to `Sequelize.query`. */
private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
QueryCall() { this = instance().getMember("query").getACall() }
override DataFlow::Node getAResult() {
PromiseFlow::loadStep(this.getALocalUse(), result, Promises::valueProp())
}
override DataFlow::Node getAQueryArgument() {
result = this.getArgument(0)
or
result = this.getOptionArgument(0, "query")
}
}
class SequelizeSink extends ModelInput::SinkModelCsv {
override predicate row(string row) {
row =
@@ -563,6 +537,12 @@ private module Sequelize {
]
}
}
class SequelizeSource extends ModelInput::SourceModelCsv {
override predicate row(string row) {
row = "sequelize;Sequelize;Member[query].ReturnValue.Awaited;database-access-result"
}
}
}
private module SpannerCsv {
@@ -615,7 +595,8 @@ private module SpannerCsv {
override predicate row(string row) {
row =
"@google-cloud/spanner;" + spannerClass() + ";" + resultPath() + ";database-access-result"
"@google-cloud/spanner;" + this.spannerClass() + ";" + this.resultPath() +
";database-access-result"
}
}
}