patch upper-case acronyms to be PascalCase

Erik Krogh Kristensen
2022-03-11 11:10:33 +01:00
parent e3a15792fa
commit 69353bb014
422 changed files with 3532 additions and 2244 deletions


@@ -22,7 +22,7 @@ private import semmle.javascript.internal.CachedStages
* abs(-42);
* ```
*/
class ASTNode extends @ast_node, NodeInStmtContainer {
class AstNode extends @ast_node, NodeInStmtContainer {
override Location getLocation() { hasLocation(this, result) }
override File getFile() {
@@ -84,7 +84,7 @@ class ASTNode extends @ast_node, NodeInStmtContainer {
* _Note_: The indices of child nodes are considered an implementation detail and may
* change between versions of the extractor.
*/
ASTNode getChild(int i) {
AstNode getChild(int i) {
result = this.getChildExpr(i) or
result = this.getChildStmt(i) or
properties(result, this, i, _, _) or
@@ -101,7 +101,7 @@ class ASTNode extends @ast_node, NodeInStmtContainer {
TypeExpr getChildTypeExpr(int i) { typeexprs(result, _, this, i, _) }
/** Gets a child node of this node. */
ASTNode getAChild() { result = this.getChild(_) }
AstNode getAChild() { result = this.getChild(_) }
/** Gets a child expression of this node. */
Expr getAChildExpr() { result = this.getChildExpr(_) }
@@ -120,7 +120,7 @@ class ASTNode extends @ast_node, NodeInStmtContainer {
/** Gets the parent node of this node, if any. */
cached
ASTNode getParent() { Stages::Ast::ref() and this = result.getAChild() }
AstNode getParent() { Stages::Ast::ref() and this = result.getAChild() }
/** Gets the first control flow node belonging to this syntactic entity. */
ControlFlowNode getFirstControlFlowNode() { result = this }
@@ -184,6 +184,9 @@ class ASTNode extends @ast_node, NodeInStmtContainer {
}
}
/** DEPRECATED: Alias for AstNode */
deprecated class ASTNode = AstNode;
/**
* Holds if the given file is a `.d.ts` file.
*/
@@ -334,7 +337,10 @@ class EventHandlerCode extends @event_handler, CodeInAttribute { }
* <a href="javascript:alert('hi')">Click me</a>
* ```
*/
class JavaScriptURL extends @javascript_url, CodeInAttribute { }
class JavaScriptUrl extends @javascript_url, CodeInAttribute { }
/** DEPRECATED: Alias for JavaScriptUrl */
deprecated class JavaScriptURL = JavaScriptUrl;
/**
* A toplevel syntactic entity containing Closure-style externs definitions.
@@ -361,7 +367,7 @@ class Externs extends TopLevel {
* i = 9
* ```
*/
class ExprOrStmt extends @expr_or_stmt, ControlFlowNode, ASTNode { }
class ExprOrStmt extends @expr_or_stmt, ControlFlowNode, AstNode { }
/**
* A program element that contains statements, but isn't itself
@@ -375,7 +381,7 @@ class ExprOrStmt extends @expr_or_stmt, ControlFlowNode, ASTNode { }
* }
* ```
*/
class StmtContainer extends @stmt_container, ASTNode {
class StmtContainer extends @stmt_container, AstNode {
/** Gets the innermost enclosing container in which this container is nested. */
cached
StmtContainer getEnclosingContainer() { none() }
@@ -405,7 +411,7 @@ class StmtContainer extends @stmt_container, ASTNode {
* For scripts or modules, this is the container itself; for functions,
* it is the function body.
*/
ASTNode getBody() { result = this }
AstNode getBody() { result = this }
/**
* Gets the (unique) entry node of the control flow graph for this toplevel or function.
@@ -470,7 +476,7 @@ module AST {
* function id(x) { return x; } // function declaration
* ```
*/
class ValueNode extends ASTNode, @dataflownode {
class ValueNode extends AstNode, @dataflownode {
/** Gets type inference results for this element. */
DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }


@@ -109,7 +109,7 @@ module API {
*/
cached
Node getMember(string m) {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::member(m))
}
@@ -119,7 +119,7 @@ module API {
*/
cached
Node getUnknownMember() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::unknownMember())
}
@@ -129,7 +129,7 @@ module API {
*/
cached
Node getAMember() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getMember(_)
or
result = this.getUnknownMember()
@@ -148,7 +148,7 @@ module API {
*/
cached
Node getInstance() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::instance())
}
@@ -160,7 +160,7 @@ module API {
*/
cached
Node getParameter(int i) {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::parameter(i))
}
@@ -182,7 +182,7 @@ module API {
*/
cached
Node getReceiver() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::receiver())
}
@@ -196,7 +196,7 @@ module API {
*/
cached
Node getAParameter() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getParameter(_)
or
result = this.getReceiver()
@@ -210,7 +210,7 @@ module API {
*/
cached
Node getReturn() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::return())
}
@@ -220,7 +220,7 @@ module API {
*/
cached
Node getPromised() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::promised())
}
@@ -229,7 +229,7 @@ module API {
*/
cached
Node getPromisedError() {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
result = this.getASuccessor(Label::promisedError())
}
@@ -892,7 +892,7 @@ module API {
*/
cached
predicate edge(TApiNode pred, Label::ApiLabel lbl, TApiNode succ) {
Stages::APIStage::ref() and
Stages::ApiStage::ref() and
exists(string m |
pred = MkRoot() and
lbl = Label::moduleLabel(m)
@@ -1251,7 +1251,7 @@ private predicate exports(string m, string prop, DataFlow::Node rhs) {
/** Gets the definition of module `m`. */
private Module importableModule(string m) {
exists(NPMPackage pkg, PackageJSON json | json = pkg.getPackageJSON() and not json.isPrivate() |
exists(NpmPackage pkg, PackageJson json | json = pkg.getPackageJson() and not json.isPrivate() |
result = pkg.getMainModule() and
not result.isExterns() and
m = pkg.getPackageName()


@@ -347,7 +347,7 @@ class ControlFlowNode extends @cfg_node, Locatable, NodeInStmtContainer {
then result = "function in " + any(MethodDeclaration mem | mem.getBody() = this)
else
if this instanceof @decorator_list
then result = "parameter decorators of " + this.(ASTNode).getParent().(Function).describe()
then result = "parameter decorators of " + this.(AstNode).getParent().(Function).describe()
else result = toString()
}
}


@@ -48,7 +48,7 @@ class CanonicalName extends @symbol {
string getExternalModuleName() {
symbol_module(this, result)
or
exists(PackageJSON pkg |
exists(PackageJson pkg |
getModule() = pkg.getMainModule() and
result = pkg.getPackageName()
)
@@ -160,7 +160,7 @@ class CanonicalName extends @symbol {
/**
* Gets a definition of the entity with this canonical name.
*/
ASTNode getADefinition() { none() }
AstNode getADefinition() { none() }
/**
* Gets a use that refers to the entity with this canonical name.


@@ -32,7 +32,7 @@ module CharacterEscapes {
* Holds if `n` is delimited by `delim` and contains `rawStringNode` with the raw string value `raw`.
*/
private predicate hasRawStringAndQuote(
DataFlow::ValueNode n, string delim, ASTNode rawStringNode, string raw
DataFlow::ValueNode n, string delim, AstNode rawStringNode, string raw
) {
rawStringNode = n.asExpr() and
raw = rawStringNode.(StringLiteral).getRawValue() and
@@ -52,7 +52,7 @@ module CharacterEscapes {
*
* The character is the `i`th character of `rawStringNode`'s raw string value.
*/
string getAnIdentityEscapedCharacter(DataFlow::Node n, ASTNode rawStringNode, int i) {
string getAnIdentityEscapedCharacter(DataFlow::Node n, AstNode rawStringNode, int i) {
exists(string delim, string raw, string additionalEscapeChars |
hasRawStringAndQuote(n, delim, rawStringNode, raw) and
if rawStringNode instanceof RegExpLiteral
@@ -80,7 +80,7 @@ module CharacterEscapes {
* The character is the `i`th character of the raw string value of `rawStringNode`.
*/
string getALikelyRegExpPatternMistake(
RegExpPatternSource src, string mistake, ASTNode rawStringNode, int i
RegExpPatternSource src, string mistake, AstNode rawStringNode, int i
) {
result = getAnIdentityEscapedCharacter(src, rawStringNode, i) and
(


@@ -76,10 +76,10 @@ module DOM {
/**
* A JSX element, viewed as an `ElementDefinition`.
*/
private class JsxElementDefinition extends ElementDefinition, @jsx_element instanceof JSXElement {
override string getName() { result = JSXElement.super.getName() }
private class JsxElementDefinition extends ElementDefinition, @jsx_element instanceof JsxElement {
override string getName() { result = JsxElement.super.getName() }
override AttributeDefinition getAttribute(int i) { result = JSXElement.super.getAttribute(i) }
override AttributeDefinition getAttribute(int i) { result = JsxElement.super.getAttribute(i) }
override ElementDefinition getParent() { result = super.getJsxParent() }
}
@@ -139,7 +139,7 @@ module DOM {
* A JSX attribute, viewed as an `AttributeDefinition`.
*/
private class JsxAttributeDefinition extends AttributeDefinition, @jsx_attribute {
JSXAttribute attr;
JsxAttribute attr;
JsxAttributeDefinition() { this = attr }
@@ -323,7 +323,7 @@ module DOM {
private class DefaultRange extends Range {
DefaultRange() {
this.asExpr().(VarAccess).getVariable() instanceof DOMGlobalVariable
this.asExpr().(VarAccess).getVariable() instanceof DomGlobalVariable
or
exists(DataFlow::PropRead read |
this = read and
@@ -392,7 +392,7 @@ module DOM {
*/
private DataFlow::SourceNode domEventSource() {
// e.g. <form onSubmit={e => e.target}/>
exists(JSXAttribute attr | attr.getName().matches("on%") |
exists(JsxAttribute attr | attr.getName().matches("on%") |
result = attr.getValue().flow().getABoundFunctionValue(0).getParameter(0)
)
or


@@ -14,7 +14,10 @@ module E4X {
* *
* ```
*/
class XMLAnyName extends Expr, @e4x_xml_anyname { }
class XmlAnyName extends Expr, @e4x_xml_anyname { }
/** DEPRECATED: Alias for XmlAnyName */
deprecated class XMLAnyName = XmlAnyName;
/**
* An E4X qualified identifier.
@@ -29,7 +32,7 @@ module E4X {
* Note that qualified identifiers are not currently supported by the parser, so snapshots
* will not usually contain any.
*/
class XMLQualifiedIdentifier extends Expr, @e4x_xml_qualident {
class XmlQualifiedIdentifier extends Expr, @e4x_xml_qualident {
/**
* Gets the left operand of this qualified identifier, which is either
* an identifier or a wildcard.
@@ -54,6 +57,9 @@ module E4X {
}
}
/** DEPRECATED: Alias for XmlQualifiedIdentifier */
deprecated class XMLQualifiedIdentifier = XmlQualifiedIdentifier;
/**
* An E4X attribute selector.
*
@@ -64,7 +70,7 @@ module E4X {
* @[p]
* ```
*/
class XMLAttributeSelector extends Expr, @e4x_xml_attribute_selector {
class XmlAttributeSelector extends Expr, @e4x_xml_attribute_selector {
/**
* Gets the selected attribute, which is either a static name (that is, a
* wildcard identifier or a possibly qualified name), or an arbitrary
@@ -83,6 +89,9 @@ module E4X {
}
}
/** DEPRECATED: Alias for XmlAttributeSelector */
deprecated class XMLAttributeSelector = XmlAttributeSelector;
/**
* An E4X filter expression.
*
@@ -92,7 +101,7 @@ module E4X {
* employees.(@id == 0 || @id == 1)
* ```
*/
class XMLFilterExpression extends Expr, @e4x_xml_filter_expression {
class XmlFilterExpression extends Expr, @e4x_xml_filter_expression {
/**
* Gets the left operand of this filter expression.
*/
@@ -108,6 +117,9 @@ module E4X {
}
}
/** DEPRECATED: Alias for XmlFilterExpression */
deprecated class XMLFilterExpression = XmlFilterExpression;
/**
* An E4X "dot-dot" expression.
*
@@ -117,7 +129,7 @@ module E4X {
* e..name
* ```
*/
class XMLDotDotExpression extends Expr, @e4x_xml_dotdotexpr {
class XmlDotDotExpression extends Expr, @e4x_xml_dotdotexpr {
/**
* Gets the base expression of this dot-dot expression.
*/
@@ -132,4 +144,7 @@ module E4X {
result = getBase().getFirstControlFlowNode()
}
}
/** DEPRECATED: Alias for XmlDotDotExpression */
deprecated class XMLDotDotExpression = XmlDotDotExpression;
}


@@ -2744,7 +2744,7 @@ class Decorator extends @decorator, Expr {
* }
* ```
*/
class Decoratable extends ASTNode {
class Decoratable extends AstNode {
Decoratable() {
this instanceof ClassDefinition or
this instanceof Property or


@@ -64,7 +64,7 @@ import javascript
* Object.prototype.hasOwnProperty = function(p) {};
* </pre>
*/
abstract class ExternalDecl extends ASTNode {
abstract class ExternalDecl extends AstNode {
/** Gets the name of this declaration. */
abstract string getName();
@@ -125,7 +125,7 @@ abstract class ExternalVarDecl extends ExternalDecl {
*
* The result can be either a function or an expression.
*/
abstract ASTNode getInit();
abstract AstNode getInit();
/**
* Gets a JSDoc tag associated with this declaration.
@@ -179,7 +179,7 @@ class ExternalGlobalFunctionDecl extends ExternalGlobalDecl, FunctionDeclStmt {
/** Gets the name of this declaration. */
override string getName() { result = FunctionDeclStmt.super.getName() }
override ASTNode getInit() { result = this }
override AstNode getInit() { result = this }
}
/**
@@ -336,7 +336,7 @@ class ExternalInstanceMemberDecl extends ExternalMemberDecl {
* function(p) {}; // external function entity
* </pre>
*/
class ExternalEntity extends ASTNode {
class ExternalEntity extends AstNode {
ExternalEntity() { exists(ExternalVarDecl d | d.getInit() = this) }
/** Gets the variable declaration to which this entity belongs. */


@@ -55,7 +55,7 @@ class JSDoc extends @jsdoc, Locatable {
* }
* </pre>
*/
abstract class Documentable extends ASTNode {
abstract class Documentable extends AstNode {
/** Gets the JSDoc comment for this element, if any. */
cached
JSDoc getDocumentation() {


@@ -19,14 +19,14 @@ import javascript
* { "value": 0 }
* ```
*/
class JSONValue extends @json_value, Locatable {
class JsonValue extends @json_value, Locatable {
override Location getLocation() { json_locations(this, result) }
/** Gets the parent value to which this value belongs, if any. */
JSONValue getParent() { json(this, _, result, _, _) }
JsonValue getParent() { json(this, _, result, _, _) }
/** Gets the `i`th child value of this value. */
JSONValue getChild(int i) { json(result, _, this, i, _) }
JsonValue getChild(int i) { json(result, _, this, i, _) }
/** Holds if this JSON value is the top level element in its enclosing file. */
predicate isTopLevel() { not exists(getParent()) }
@@ -42,23 +42,26 @@ class JSONValue extends @json_value, Locatable {
}
/** If this is an object, gets the value of property `name`. */
JSONValue getPropValue(string name) { json_properties(this, name, result) }
JsonValue getPropValue(string name) { json_properties(this, name, result) }
/** If this is an array, gets the value of the `i`th element. */
JSONValue getElementValue(int i) { result = this.(JSONArray).getChild(i) }
JsonValue getElementValue(int i) { result = this.(JsonArray).getChild(i) }
/** If this is a string constant, gets the value of the string. */
string getStringValue() { result = this.(JSONString).getValue() }
string getStringValue() { result = this.(JsonString).getValue() }
/** If this is an integer constant, gets its numeric value. */
int getIntValue() { result = this.(JSONNumber).getValue().toInt() }
int getIntValue() { result = this.(JsonNumber).getValue().toInt() }
/** If this is a boolean constant, gets its boolean value. */
boolean getBooleanValue() { result.toString() = this.(JSONBoolean).getValue() }
boolean getBooleanValue() { result.toString() = this.(JsonBoolean).getValue() }
override string getAPrimaryQlClass() { result = "JSONValue" }
}
/** DEPRECATED: Alias for JsonValue */
deprecated class JSONValue = JsonValue;
/**
* A JSON-encoded primitive value.
*
@@ -72,7 +75,7 @@ class JSONValue extends @json_value, Locatable {
* "a string"
* ```
*/
abstract class JSONPrimitiveValue extends JSONValue {
abstract class JsonPrimitiveValue extends JsonValue {
/** Gets a string representation of the encoded value. */
string getValue() { json_literals(result, _, this) }
@@ -80,6 +83,9 @@ abstract class JSONPrimitiveValue extends JSONValue {
string getRawValue() { json_literals(_, result, this) }
}
/** DEPRECATED: Alias for JsonPrimitiveValue */
deprecated class JSONPrimitiveValue = JsonPrimitiveValue;
/**
* A JSON-encoded null value.
*
@@ -89,10 +95,13 @@ abstract class JSONPrimitiveValue extends JSONValue {
* null
* ```
*/
class JSONNull extends @json_null, JSONPrimitiveValue {
class JsonNull extends @json_null, JsonPrimitiveValue {
override string getAPrimaryQlClass() { result = "JSONNull" }
}
/** DEPRECATED: Alias for JsonNull */
deprecated class JSONNull = JsonNull;
/**
* A JSON-encoded Boolean value.
*
@@ -103,10 +112,13 @@ class JSONNull extends @json_null, JSONPrimitiveValue {
* false
* ```
*/
class JSONBoolean extends @json_boolean, JSONPrimitiveValue {
class JsonBoolean extends @json_boolean, JsonPrimitiveValue {
override string getAPrimaryQlClass() { result = "JSONBoolean" }
}
/** DEPRECATED: Alias for JsonBoolean */
deprecated class JSONBoolean = JsonBoolean;
/**
* A JSON-encoded number.
*
@@ -117,10 +129,13 @@ class JSONBoolean extends @json_boolean, JSONPrimitiveValue {
* 1.0
* ```
*/
class JSONNumber extends @json_number, JSONPrimitiveValue {
class JsonNumber extends @json_number, JsonPrimitiveValue {
override string getAPrimaryQlClass() { result = "JSONNumber" }
}
/** DEPRECATED: Alias for JsonNumber */
deprecated class JSONNumber = JsonNumber;
/**
* A JSON-encoded string value.
*
@@ -130,10 +145,13 @@ class JSONNumber extends @json_number, JSONPrimitiveValue {
* "a string"
* ```
*/
class JSONString extends @json_string, JSONPrimitiveValue {
class JsonString extends @json_string, JsonPrimitiveValue {
override string getAPrimaryQlClass() { result = "JSONString" }
}
/** DEPRECATED: Alias for JsonString */
deprecated class JSONString = JsonString;
/**
* A JSON-encoded array.
*
@@ -143,13 +161,16 @@ class JSONString extends @json_string, JSONPrimitiveValue {
* [ 1, 2, 3 ]
* ```
*/
class JSONArray extends @json_array, JSONValue {
class JsonArray extends @json_array, JsonValue {
override string getAPrimaryQlClass() { result = "JSONArray" }
/** Gets the string value of the `i`th element of this array. */
string getElementStringValue(int i) { result = getElementValue(i).getStringValue() }
}
/** DEPRECATED: Alias for JsonArray */
deprecated class JSONArray = JsonArray;
/**
* A JSON-encoded object.
*
@@ -159,18 +180,24 @@ class JSONArray extends @json_array, JSONValue {
* { "value": 0 }
* ```
*/
class JSONObject extends @json_object, JSONValue {
class JsonObject extends @json_object, JsonValue {
override string getAPrimaryQlClass() { result = "JSONObject" }
/** Gets the string value of property `name` of this object. */
string getPropStringValue(string name) { result = getPropValue(name).getStringValue() }
}
/** DEPRECATED: Alias for JsonObject */
deprecated class JSONObject = JsonObject;
/**
* An error reported by the JSON parser.
*/
class JSONParseError extends @json_parse_error, Error {
class JsonParseError extends @json_parse_error, Error {
override Location getLocation() { json_locations(this, result) }
override string getMessage() { json_errors(this, result) }
}
/** DEPRECATED: Alias for JsonParseError */
deprecated class JSONParseError = JsonParseError;
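Review bot: The `getAPrimaryQlClass()` overrides in this file still return the old spellings (`"JSONValue"`, `"JSONNull"`, `"JSONBoolean"`, `"JSONNumber"`, `"JSONString"`, `"JSONArray"`, `"JSONObject"`) although the classes are now `JsonValue` and so on, so the reported primary class no longer matches any non-deprecated class name. If the strings are kept on purpose so that existing query output and test expectations stay stable, say so next to the first one, e.g. `// kept as "JSONValue" for output compatibility; the class is now JsonValue`. Otherwise rename the strings in the same commit. The JSX classes further down this page (`"JSXNode"`, `"JSXFragment"`, `"JSXAttribute"`, `"JSXQualifiedName"`, `"JSXEmptyExpr"`) show the same mismatch.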


@@ -15,7 +15,7 @@ import javascript
* <><h1>Title</h1>Some <b>text</b></>
* ```
*/
class JSXNode extends Expr, @jsx_element {
class JsxNode extends Expr, @jsx_element {
/** Gets the `i`th element in the body of this element or fragment. */
Expr getBodyElement(int i) { i >= 0 and result = getChildExpr(-i - 2) }
@@ -25,11 +25,14 @@ class JSXNode extends Expr, @jsx_element {
/**
* Gets the parent JSX element or fragment of this element.
*/
JSXNode getJsxParent() { this = result.getABodyElement() }
JsxNode getJsxParent() { this = result.getABodyElement() }
override string getAPrimaryQlClass() { result = "JSXNode" }
}
/** DEPRECATED: Alias for JsxNode */
deprecated class JSXNode = JsxNode;
/**
* A JSX element.
*
@@ -40,25 +43,25 @@ class JSXNode extends Expr, @jsx_element {
* <Welcome name={user.name}/>
* ```
*/
class JSXElement extends JSXNode {
JSXName name;
class JsxElement extends JsxNode {
JsxName name;
JSXElement() { name = getChildExpr(-1) }
JsxElement() { name = getChildExpr(-1) }
/** Gets the expression denoting the name of this element. */
JSXName getNameExpr() { result = name }
JsxName getNameExpr() { result = name }
/** Gets the name of this element. */
string getName() { result = name.getValue() }
/** Gets the `i`th attribute of this element. */
JSXAttribute getAttribute(int i) { properties(result, this, i, _, _) }
JsxAttribute getAttribute(int i) { properties(result, this, i, _, _) }
/** Gets an attribute of this element. */
JSXAttribute getAnAttribute() { result = getAttribute(_) }
JsxAttribute getAnAttribute() { result = getAttribute(_) }
/** Gets the attribute of this element with the given name, if any. */
JSXAttribute getAttributeByName(string n) { result = getAnAttribute() and result.getName() = n }
JsxAttribute getAttributeByName(string n) { result = getAnAttribute() and result.getName() = n }
override ControlFlowNode getFirstControlFlowNode() {
result = getNameExpr().getFirstControlFlowNode()
@@ -70,9 +73,15 @@ class JSXElement extends JSXNode {
* Holds if this JSX element is a HTML element.
* That is, the name starts with a lowercase letter.
*/
predicate isHTMLElement() { getName().regexpMatch("[a-z].*") }
predicate isHtmlElement() { getName().regexpMatch("[a-z].*") }
/** DEPRECATED: Alias for isHtmlElement */
deprecated predicate isHTMLElement() { isHtmlElement() }
}
/** DEPRECATED: Alias for JsxElement */
deprecated class JSXElement = JsxElement;
/**
* A JSX fragment.
*
@@ -82,8 +91,8 @@ class JSXElement extends JSXNode {
* <><h1>Title</h1>Some <b>text</b></>
* ```
*/
class JSXFragment extends JSXNode {
JSXFragment() { not exists(getChildExpr(-1)) }
class JsxFragment extends JsxNode {
JsxFragment() { not exists(getChildExpr(-1)) }
override ControlFlowNode getFirstControlFlowNode() {
result = getBodyElement(0).getFirstControlFlowNode()
@@ -94,6 +103,9 @@ class JSXFragment extends JSXNode {
override string getAPrimaryQlClass() { result = "JSXFragment" }
}
/** DEPRECATED: Alias for JsxFragment */
deprecated class JSXFragment = JsxFragment;
/**
* An attribute of a JSX element, including spread attributes.
*
@@ -105,13 +117,13 @@ class JSXFragment extends JSXNode {
* <div {...attrs}></div> // `{...attrs}` is a (spread) attribute
* ```
*/
class JSXAttribute extends ASTNode, @jsx_attribute {
class JsxAttribute extends AstNode, @jsx_attribute {
/**
* Gets the expression denoting the name of this attribute.
*
* This is not defined for spread attributes.
*/
JSXName getNameExpr() { result = getChildExpr(0) }
JsxName getNameExpr() { result = getChildExpr(0) }
/**
* Gets the name of this attribute.
@@ -127,7 +139,7 @@ class JSXAttribute extends ASTNode, @jsx_attribute {
string getStringValue() { result = getValue().getStringValue() }
/** Gets the JSX element to which this attribute belongs. */
JSXElement getElement() { this = result.getAnAttribute() }
JsxElement getElement() { this = result.getAnAttribute() }
override ControlFlowNode getFirstControlFlowNode() {
result = getNameExpr().getFirstControlFlowNode()
@@ -140,6 +152,9 @@ class JSXAttribute extends ASTNode, @jsx_attribute {
override string getAPrimaryQlClass() { result = "JSXAttribute" }
}
/** DEPRECATED: Alias for JsxAttribute */
deprecated class JSXAttribute = JsxAttribute;
/**
* A spread attribute of a JSX element.
*
@@ -149,8 +164,8 @@ class JSXAttribute extends ASTNode, @jsx_attribute {
* <div {...attrs}></div> // `{...attrs}` is a spread attribute
* ```
*/
class JSXSpreadAttribute extends JSXAttribute {
JSXSpreadAttribute() { not exists(getNameExpr()) }
class JsxSpreadAttribute extends JsxAttribute {
JsxSpreadAttribute() { not exists(getNameExpr()) }
override SpreadElement getValue() {
// override for more precise result type
@@ -158,6 +173,9 @@ class JSXSpreadAttribute extends JSXAttribute {
}
}
/** DEPRECATED: Alias for JsxSpreadAttribute */
deprecated class JSXSpreadAttribute = JsxSpreadAttribute;
/**
* A namespace-qualified name such as `n:a`.
*
@@ -167,7 +185,7 @@ class JSXSpreadAttribute extends JSXAttribute {
* html:href
* ```
*/
class JSXQualifiedName extends Expr, @jsx_qualified_name {
class JsxQualifiedName extends Expr, @jsx_qualified_name {
/** Gets the namespace component of this qualified name. */
Identifier getNamespace() { result = getChildExpr(0) }
@@ -181,6 +199,9 @@ class JSXQualifiedName extends Expr, @jsx_qualified_name {
override string getAPrimaryQlClass() { result = "JSXQualifiedName" }
}
/** DEPRECATED: Alias for JsxQualifiedName */
deprecated class JSXQualifiedName = JsxQualifiedName;
/**
* A name of an JSX element or attribute (which is
* always an identifier, a dot expression, or a qualified
@@ -194,12 +215,12 @@ class JSXQualifiedName extends Expr, @jsx_qualified_name {
* data.path
* ```
*/
class JSXName extends Expr {
JSXName() {
class JsxName extends Expr {
JsxName() {
this instanceof Identifier or
this instanceof ThisExpr or
this.(DotExpr).getBase() instanceof JSXName or
this instanceof JSXQualifiedName
this.(DotExpr).getBase() instanceof JsxName or
this instanceof JsxQualifiedName
}
/**
@@ -209,10 +230,10 @@ class JSXName extends Expr {
result = this.(Identifier).getName()
or
exists(DotExpr dot | dot = this |
result = dot.getBase().(JSXName).getValue() + "." + dot.getPropertyName()
result = dot.getBase().(JsxName).getValue() + "." + dot.getPropertyName()
)
or
exists(JSXQualifiedName qual | qual = this |
exists(JsxQualifiedName qual | qual = this |
result = qual.getNamespace().getName() + ":" + qual.getName().getName()
)
or
@@ -221,6 +242,9 @@ class JSXName extends Expr {
}
}
/** DEPRECATED: Alias for JsxName */
deprecated class JSXName = JsxName;
/**
* An interpolating expression that interpolates nothing.
*
@@ -230,10 +254,13 @@ class JSXName extends Expr {
* { /* TBD *&#47; }
* </pre>
*/
class JSXEmptyExpr extends Expr, @jsx_empty_expr {
class JsxEmptyExpr extends Expr, @jsx_empty_expr {
override string getAPrimaryQlClass() { result = "JSXEmptyExpr" }
}
/** DEPRECATED: Alias for JsxEmptyExpr */
deprecated class JSXEmptyExpr = JsxEmptyExpr;
/**
* A legacy `@jsx` pragma.
*
@@ -243,12 +270,18 @@ class JSXEmptyExpr extends Expr, @jsx_empty_expr {
* @jsx React.DOM
* ```
*/
class JSXPragma extends JSDocTag {
JSXPragma() { getTitle() = "jsx" }
class JsxPragma extends JSDocTag {
JsxPragma() { getTitle() = "jsx" }
/**
* Gets the DOM name specified by the pragma; for `@jsx React.DOM`,
* the result is `React.DOM`.
*/
string getDOMName() { result = getDescription().trim() }
string getDomName() { result = getDescription().trim() }
/** DEPRECATED: Alias for getDomName */
deprecated string getDOMName() { result = getDomName() }
}
/** DEPRECATED: Alias for JsxPragma */
deprecated class JSXPragma = JsxPragma;
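Review bot: The deprecated member predicates `isHTMLElement()` on `JsxElement` and `getDOMName()` on `JsxPragma` only forward to the new names, so a downstream class that overrides the old name is no longer consulted by any caller that has been switched to `isHtmlElement()` or `getDomName()`; whether library callers were switched is not visible in this section. Custom queries built on such overrides would keep compiling but could silently change their results. The deprecation comment should say this, e.g. `/** DEPRECATED: Alias for isHtmlElement. Override isHtmlElement instead; overrides of this alias are not seen by callers of the new name. */`, and likewise for `getDOMName`.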


@@ -64,7 +64,7 @@ class JSON2CSVTaintStep extends TaintTracking::SharedTaintStep {
* This is not quite a `JSON.stringify` call, as it e.g. does not wrap keys in double quotes.
* It's therefore modeled as a taint-step rather than as a `JSON.stringify` call.
*/
class PrettyJSONTaintStep extends TaintTracking::SharedTaintStep {
class PrettyJsonTaintStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport("prettyjson").getMember("render").getACall()
@@ -74,3 +74,6 @@ class PrettyJSONTaintStep extends TaintTracking::SharedTaintStep {
)
}
}
/** DEPRECATED: Alias for PrettyJsonTaintStep */
deprecated class PrettyJSONTaintStep = PrettyJsonTaintStep;
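Review bot: `JSON2CSVTaintStep`, visible in the first hunk header of this file, keeps its upper-case acronyms while the sibling `PrettyJSONTaintStep` is renamed to `PrettyJsonTaintStep`, so the file ends up with two naming styles for adjacent taint steps. Presumably the automated patch skips acronyms that are followed by a digit. Either rename it by hand with the same alias pattern, declaring the class as `Json2CsvTaintStep` and adding `deprecated class JSON2CSVTaintStep = Json2CsvTaintStep;`, or state in the commit message that such names are deliberately left alone. The body of `JSON2CSVTaintStep` lies outside the hunks shown.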


@@ -118,7 +118,7 @@ abstract class Module extends TopLevel {
* An import in a module, which may be an ECMAScript 2015-style
* `import` statement, a CommonJS-style `require` import, or an AMD dependency.
*/
abstract class Import extends ASTNode {
abstract class Import extends AstNode {
/** Gets the module in which this import appears. */
abstract Module getEnclosingModule();
@@ -211,7 +211,7 @@ abstract class Import extends ASTNode {
* No support for importing from folders inside the other package.
*/
private Module resolveNeighbourPackage(PathString importPath) {
exists(PackageJSON json | importPath = json.getPackageName() and result = json.getMainModule())
exists(PackageJson json | importPath = json.getPackageName() and result = json.getMainModule())
or
exists(string package |
result.getFile().getParentContainer() = getPackageFolder(package) and
@@ -224,7 +224,7 @@ private Module resolveNeighbourPackage(PathString importPath) {
*/
pragma[noinline]
private Folder getPackageFolder(string package) {
exists(PackageJSON json |
exists(PackageJson json |
json.getPackageName() = package and
result = json.getFile().getParentContainer()
)


@@ -6,8 +6,8 @@ import javascript
private import NodeModuleResolutionImpl
/** A `package.json` configuration object. */
class PackageJSON extends JSONObject {
PackageJSON() {
class PackageJson extends JsonObject {
PackageJson() {
this.getJsonFile().getBaseName() = "package.json" and
this.isTopLevel()
}
@@ -22,7 +22,7 @@ class PackageJSON extends JSONObject {
string getDescription() { result = this.getPropStringValue("description") }
/** Gets the array of keywords for this package. */
JSONArray getKeywords() { result = this.getPropValue("keywords") }
JsonArray getKeywords() { result = this.getPropValue("keywords") }
/** Gets a keyword for this package. */
string getAKeyword() { result = this.getKeywords().getElementStringValue(_) }
@@ -45,7 +45,7 @@ class PackageJSON extends JSONObject {
}
/** Gets the array of files for this package. */
JSONArray getFiles() { result = this.getPropValue("files") }
JsonArray getFiles() { result = this.getPropValue("files") }
/** Gets a file for this package. */
string getAFile() { result = this.getFiles().getElementStringValue(_) }
@@ -67,16 +67,16 @@ class PackageJSON extends JSONObject {
}
/** Gets information about the directories of this package. */
JSONObject getDirectories() { result = this.getPropValue("directories") }
JsonObject getDirectories() { result = this.getPropValue("directories") }
/** Gets repository information for this package. */
RepositoryInfo getRepository() { result = this.getPropValue("repository") }
/** Gets information about the scripts of this package. */
JSONObject getScripts() { result = this.getPropValue("scripts") }
JsonObject getScripts() { result = this.getPropValue("scripts") }
/** Gets configuration information for this package. */
JSONObject getConfig() { result = this.getPropValue("config") }
JsonObject getConfig() { result = this.getPropValue("config") }
/** Gets the dependencies of this package. */
PackageDependencies getDependencies() { result = this.getPropValue("dependencies") }
@@ -131,10 +131,10 @@ class PackageJSON extends JSONObject {
PackageDependencies getEngines() { result = this.getPropValue("engines") }
/** Holds if this package has strict engine requirements. */
predicate isEngineStrict() { this.getPropValue("engineStrict").(JSONBoolean).getValue() = "true" }
predicate isEngineStrict() { this.getPropValue("engineStrict").(JsonBoolean).getValue() = "true" }
/** Gets information about operating systems supported by this package. */
JSONArray getOSs() { result = this.getPropValue("os") }
JsonArray getOSs() { result = this.getPropValue("os") }
/** Gets an operating system supported by this package. */
string getWhitelistedOS() {
@@ -150,7 +150,7 @@ class PackageJSON extends JSONObject {
}
/** Gets information about platforms supported by this package. */
JSONArray getCPUs() { result = this.getPropValue("cpu") }
JsonArray getCPUs() { result = this.getPropValue("cpu") }
/** Gets a platform supported by this package. */
string getWhitelistedCPU() {
@@ -166,13 +166,13 @@ class PackageJSON extends JSONObject {
}
/** Holds if this package prefers to be installed globally. */
predicate isPreferGlobal() { this.getPropValue("preferGlobal").(JSONBoolean).getValue() = "true" }
predicate isPreferGlobal() { this.getPropValue("preferGlobal").(JsonBoolean).getValue() = "true" }
/** Holds if this is a private package. */
predicate isPrivate() { this.getPropValue("private").(JSONBoolean).getValue() = "true" }
predicate isPrivate() { this.getPropValue("private").(JsonBoolean).getValue() = "true" }
/** Gets publishing configuration information about this package. */
JSONValue getPublishConfig() { result = this.getPropValue("publishConfig") }
JsonValue getPublishConfig() { result = this.getPropValue("publishConfig") }
/**
* Gets the main module of this package.
@@ -182,13 +182,16 @@ class PackageJSON extends JSONObject {
}
}
/** DEPRECATED: Alias for PackageJson */
deprecated class PackageJSON = PackageJson;
/**
* A representation of bug tracker information for an NPM package.
*/
class BugTrackerInfo extends JSONValue {
class BugTrackerInfo extends JsonValue {
BugTrackerInfo() {
exists(PackageJSON pkg | pkg.getPropValue("bugs") = this) and
(this instanceof JSONObject or this instanceof JSONString)
exists(PackageJson pkg | pkg.getPropValue("bugs") = this) and
(this instanceof JsonObject or this instanceof JsonString)
}
/** Gets the bug tracker URL. */
@@ -204,13 +207,13 @@ class BugTrackerInfo extends JSONValue {
/**
* A representation of contributor information for an NPM package.
*/
class ContributorInfo extends JSONValue {
class ContributorInfo extends JsonValue {
ContributorInfo() {
exists(PackageJSON pkg |
exists(PackageJson pkg |
this = pkg.getPropValue("author") or
this = pkg.getPropValue("contributors").getElementValue(_)
) and
(this instanceof JSONObject or this instanceof JSONString)
(this instanceof JsonObject or this instanceof JsonString)
}
/**
@@ -244,8 +247,8 @@ class ContributorInfo extends JSONValue {
/**
* A representation of repository information for an NPM package.
*/
class RepositoryInfo extends JSONObject {
RepositoryInfo() { exists(PackageJSON pkg | this = pkg.getPropValue("repository")) }
class RepositoryInfo extends JsonObject {
RepositoryInfo() { exists(PackageJson pkg | this = pkg.getPropValue("repository")) }
/** Gets the repository type. */
string getType() { result = this.getPropStringValue("type") }
@@ -257,9 +260,9 @@ class RepositoryInfo extends JSONObject {
/**
* A representation of package dependencies for an NPM package.
*/
class PackageDependencies extends JSONObject {
class PackageDependencies extends JsonObject {
PackageDependencies() {
exists(PackageJSON pkg, string name |
exists(PackageJson pkg, string name |
name.regexpMatch("(.+D|d)ependencies|engines") and
this = pkg.getPropValue(name)
)
@@ -272,11 +275,11 @@ class PackageDependencies extends JSONObject {
/**
* An NPM package.
*/
class NPMPackage extends @folder {
class NpmPackage extends @folder {
/** The `package.json` file of this package. */
PackageJSON pkg;
PackageJson pkg;
NPMPackage() { pkg.getJsonFile().getParentContainer() = this }
NpmPackage() { pkg.getJsonFile().getParentContainer() = this }
/** Gets a textual representation of this package. */
string toString() { result = this.(Folder).toString() }
@@ -285,10 +288,13 @@ class NPMPackage extends @folder {
string getPath() { result = this.(Folder).getAbsolutePath() }
/** Gets the `package.json` object of this package. */
PackageJSON getPackageJSON() { result = pkg }
PackageJson getPackageJson() { result = pkg }
/** DEPRECATED: Alias for getPackageJson */
deprecated PackageJSON getPackageJSON() { result = getPackageJson() }
/** Gets the name of this package. */
string getPackageName() { result = this.getPackageJSON().getPackageName() }
string getPackageName() { result = this.getPackageJson().getPackageName() }
/** Gets the `node_modules` folder of this package. */
Folder getNodeModulesFolder() {
@@ -325,6 +331,9 @@ class NPMPackage extends @folder {
predicate declaresDependency(string p, string v) { pkg.declaresDependency(p, v) }
}
/** DEPRECATED: Alias for NpmPackage */
deprecated class NPMPackage = NpmPackage;
/**
* Gets the parent folder of `c`, provided that they belong to the same NPM
* package; that is, `c` must not be a `node_modules` folder.


@@ -60,7 +60,7 @@ File loadAsFile(Require req, int rootPriority, int priority) {
*/
File loadAsDirectory(Require req, int rootPriority, int priority) {
exists(Folder dir | dir = req.getImportedPath().resolve(rootPriority) |
result = resolveMainModule(dir.(NPMPackage).getPackageJSON(), priority) or
result = resolveMainModule(dir.(NpmPackage).getPackageJson(), priority) or
result = tryExtensions(dir, "index", priority - (numberOfExtensions() + 1))
)
}
@@ -90,7 +90,7 @@ private string getStem(string name) { result = name.regexpCapture("(.+?)(?:\\.([
/**
* Gets the main module described by `pkg` with the given `priority`.
*/
File resolveMainModule(PackageJSON pkg, int priority) {
File resolveMainModule(PackageJson pkg, int priority) {
exists(PathExpr main | main = MainModulePath::of(pkg) |
result = main.resolve() and priority = 0
or
@@ -144,14 +144,17 @@ private string getASrcFolderName() { result = ["ts", "js", "src", "lib"] }
* module of the package.
*/
class MainModulePath extends PathExpr, @json_string {
PackageJSON pkg;
PackageJson pkg;
MainModulePath() { this = pkg.getPropValue(["main", "module"]) }
/** Gets the `package.json` file in which this path occurs. */
PackageJSON getPackageJSON() { result = pkg }
PackageJson getPackageJson() { result = pkg }
override string getValue() { result = this.(JSONString).getValue() }
/** DEPRECATED: Alias for getPackageJson */
deprecated PackageJSON getPackageJSON() { result = getPackageJson() }
override string getValue() { result = this.(JsonString).getValue() }
override Folder getAdditionalSearchRoot(int priority) {
priority = 0 and
@@ -160,7 +163,7 @@ class MainModulePath extends PathExpr, @json_string {
}
module MainModulePath {
MainModulePath of(PackageJSON pkg) { result.getPackageJSON() = pkg }
MainModulePath of(PackageJson pkg) { result.getPackageJson() = pkg }
}
/**
@@ -169,17 +172,20 @@ module MainModulePath {
* For performance reasons this only exists if there is no "main" field in the `package.json` file.
*/
private class FilesPath extends PathExpr, @json_string {
PackageJSON pkg;
PackageJson pkg;
FilesPath() {
this = pkg.getPropValue("files").(JSONArray).getElementValue(_) and
this = pkg.getPropValue("files").(JsonArray).getElementValue(_) and
not exists(MainModulePath::of(pkg))
}
/** Gets the `package.json` file in which this path occurs. */
PackageJSON getPackageJSON() { result = pkg }
PackageJson getPackageJson() { result = pkg }
override string getValue() { result = this.(JSONString).getValue() }
/** DEPRECATED: Alias for getPackageJson */
deprecated PackageJSON getPackageJSON() { result = getPackageJson() }
override string getValue() { result = this.(JsonString).getValue() }
override Folder getAdditionalSearchRoot(int priority) {
priority = 0 and
@@ -188,5 +194,5 @@ private class FilesPath extends PathExpr, @json_string {
}
private module FilesPath {
FilesPath of(PackageJSON pkg) { result.getPackageJSON() = pkg }
FilesPath of(PackageJson pkg) { result.getPackageJson() = pkg }
}
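Review bot: The deprecated aliases added in `MainModulePath` and `FilesPath`, `deprecated PackageJSON getPackageJSON() { result = getPackageJson() }`, call the new predicate with an implicit receiver, while the neighbouring members spell it out (`this.(JsonString).getValue()`). Writing `result = this.getPackageJson()` keeps these classes consistent. The same implicit form appears in `NpmPackage.getPackageJSON`, in the `getJSXElement` and `getJSXNode` aliases of the AST printer, and in `getSourceMappingURL` on `SourceMappingComment`. Separately, `FilesPath` is declared `private`, so its alias is probably unreachable from outside this file and could be left out.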


@@ -52,7 +52,7 @@ private import NodeModuleResolutionImpl as NodeModule
private DataFlow::Node getAValueExportedByPackage() {
// The base case, an export from a named `package.json` file.
result =
getAnExportFromModule(any(PackageJSON pack | exists(pack.getPackageName())).getMainModule())
getAnExportFromModule(any(PackageJson pack | exists(pack.getPackageName())).getMainModule())
or
// module.exports.bar.baz = result;
exists(DataFlow::PropWrite write |
@@ -133,7 +133,7 @@ private DataFlow::Node getAValueExportedByPackage() {
DataFlow::globalVarRef("define").getACall().getArgument(1) = prev.getALocalUse() and
func.getFile() =
min(int j, File f |
f = NodeModule::resolveMainModule(any(PackageJSON pack | exists(pack.getPackageName())), j)
f = NodeModule::resolveMainModule(any(PackageJson pack | exists(pack.getPackageName())), j)
|
f order by j
)


@@ -212,7 +212,7 @@ private module TypeScriptOutDir {
* Gets a folder of TypeScript files that is compiled to JavaScript files in `outdir` relative to a `parent`.
*/
string getOriginalTypeScriptFolder(string outdir, Folder parent) {
exists(JSONObject tsconfig |
exists(JsonObject tsconfig |
outdir = removeLeadingSlash(getOutDir(tsconfig, parent)) and
result = removeLeadingSlash(getEffectiveRootDirFromTSConfig(tsconfig))
)
@@ -229,7 +229,7 @@ private module TypeScriptOutDir {
/**
* Gets the `outDir` option from a tsconfig file from the folder `parent`.
*/
private string getOutDir(JSONObject tsconfig, Folder parent) {
private string getOutDir(JsonObject tsconfig, Folder parent) {
tsconfig.getFile().getBaseName().regexpMatch("tsconfig.*\\.json") and
tsconfig.isTopLevel() and
tsconfig.getFile().getParentContainer() = parent and
@@ -241,7 +241,7 @@ private module TypeScriptOutDir {
* Based on the tsconfig.json file `tsconfig`.
*/
pragma[inline]
private string getEffectiveRootDirFromTSConfig(JSONObject tsconfig) {
private string getEffectiveRootDirFromTSConfig(JsonObject tsconfig) {
// if an explicit "rootDir" option exists, then use that.
result = getRootDir(tsconfig)
or
@@ -273,7 +273,7 @@ private module TypeScriptOutDir {
* Can have multiple results if the includes are from multiple folders.
*/
pragma[inline]
private string getARootDirFromInclude(JSONObject tsconfig) {
private string getARootDirFromInclude(JsonObject tsconfig) {
result =
getRootFolderFromPath(tsconfig.getPropValue("include").getElementValue(_).getStringValue())
}
@@ -282,7 +282,7 @@ private module TypeScriptOutDir {
* Gets the value of the "rootDir" option from a tsconfig.json.
*/
pragma[inline]
private string getRootDir(JSONObject tsconfig) {
private string getRootDir(JsonObject tsconfig) {
result = tsconfig.getPropValue("compilerOptions").getPropValue("rootDir").getStringValue()
}
}
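Review bot: `getEffectiveRootDirFromTSConfig` keeps an upper-case acronym in its name even though its `JSONObject` parameter is converted in the same hunk. The predicate is `private`, so it could become `getEffectiveRootDirFromTsConfig` without a deprecated alias, as long as the call in `getOriginalTypeScriptFolder` is renamed with it. If the patch deliberately covers only a fixed list of acronyms, this can stay as it is. The predicate's body continues outside the hunk.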


@@ -54,26 +54,26 @@ private string getQlClass(Locatable el) {
*/
private newtype TPrintAstNode =
// JavaScript / TypeScript
TElementNode(ASTNode el) { shouldPrint(el, _) and not isNotNeeded(el) } or
TElementNode(AstNode el) { shouldPrint(el, _) and not isNotNeeded(el) } or
TParametersNode(Function f) { shouldPrint(f, _) and not isNotNeeded(f) } or
TTypeParametersNode(TypeParameterized f) { shouldPrint(f, _) and not isNotNeeded(f) } or
TJSXAttributesNode(JSXElement n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TJSXBodyElementsNode(JSXNode n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TJsxAttributesNode(JsxElement n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TJsxBodyElementsNode(JsxNode n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TInvokeArgumentsNode(InvokeExpr n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TInvokeTypeArgumentsNode(InvokeExpr invk) { shouldPrint(invk, _) and not isNotNeeded(invk) } or
// JSON
TJSONNode(JSONValue value) { shouldPrint(value, _) and not isNotNeeded(value) } or
TJsonNode(JsonValue value) { shouldPrint(value, _) and not isNotNeeded(value) } or
// YAML
TYAMLNode(YAMLNode n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TYAMLMappingNode(YAMLMapping mapping, int i) {
TYamlNode(YAMLNode n) { shouldPrint(n, _) and not isNotNeeded(n) } or
TYamlMappingNode(YAMLMapping mapping, int i) {
shouldPrint(mapping, _) and not isNotNeeded(mapping) and exists(mapping.getKeyNode(i))
} or
// HTML
THTMLElementNode(HTML::Element e) { shouldPrint(e, _) and not isNotNeeded(e) } or
THTMLAttributesNodes(HTML::Element e) { shouldPrint(e, _) and not isNotNeeded(e) } or
THTMLAttributeNode(HTML::Attribute attr) { shouldPrint(attr, _) and not isNotNeeded(attr) } or
THTMLScript(Script script) { shouldPrint(script, _) and not isNotNeeded(script) } or
THTMLCodeInAttr(CodeInAttribute attr) { shouldPrint(attr, _) and not isNotNeeded(attr) } or
THtmlElementNode(HTML::Element e) { shouldPrint(e, _) and not isNotNeeded(e) } or
THtmlAttributesNodes(HTML::Element e) { shouldPrint(e, _) and not isNotNeeded(e) } or
THtmlAttributeNode(HTML::Attribute attr) { shouldPrint(attr, _) and not isNotNeeded(attr) } or
THtmlScript(Script script) { shouldPrint(script, _) and not isNotNeeded(script) } or
THtmlCodeInAttr(CodeInAttribute attr) { shouldPrint(attr, _) and not isNotNeeded(attr) } or
TRegExpTermNode(RegExpTerm term) {
shouldPrint(term, _) and
term.isUsedAsRegExp() and
@@ -168,7 +168,7 @@ private module PrintJavaScript {
* For example by aggregating all the parameters of a function under a single child node.
*/
class ElementNode extends PrintAstNode, TElementNode {
ASTNode element;
AstNode element;
ElementNode() {
this = TElementNode(element) and
@@ -183,10 +183,10 @@ private module PrintJavaScript {
/**
* Gets the `ASTNode` represented by this node.
*/
final ASTNode getElement() { result = element }
final AstNode getElement() { result = element }
override PrintAstNode getChild(int childIndex) {
exists(ASTNode el | result.(ElementNode).getElement() = el |
exists(AstNode el | result.(ElementNode).getElement() = el |
el = this.getChildNode(childIndex)
)
}
@@ -195,16 +195,16 @@ private module PrintJavaScript {
* Gets the `i`th child of `element`.
* Can be overriden in subclasses to get more specific behavior for `getChild()`.
*/
ASTNode getChildNode(int childIndex) { result = getLocationSortedChild(element, childIndex) }
AstNode getChildNode(int childIndex) { result = getLocationSortedChild(element, childIndex) }
}
/** Provides predicates for pretty printing `ASTNode`s. */
/** Provides predicates for pretty printing `AstNode`s. */
private module PrettyPrinting {
/**
* Gets a pretty string representation of `element`.
* Either the result is `ASTNode::toString`, or a custom made string representation of `element`.
*/
string print(ASTNode element) {
string print(AstNode element) {
shouldPrint(element, _) and
(
result = element.toString().regexpReplaceAll("(\\\\n|\\\\r|\\\\t| )+", " ") and
@@ -217,7 +217,7 @@ private module PrintJavaScript {
/**
* Gets a string representing `a`.
*/
private string repr(ASTNode a) {
private string repr(AstNode a) {
shouldPrint(a, _) and
(
exists(DeclStmt decl | decl = a |
@@ -252,9 +252,9 @@ private module PrintJavaScript {
}
}
private ASTNode getLocationSortedChild(ASTNode parent, int i) {
private AstNode getLocationSortedChild(AstNode parent, int i) {
result =
rank[i](ASTNode child, int childIndex |
rank[i](AstNode child, int childIndex |
child = parent.getChild(childIndex)
|
child
@@ -370,62 +370,77 @@ private module PrintJavaScript {
* 2: An aggregate node for all the attributes (for example `href={foo}` in `<Name href={foo} />`).
* 3: An aggregate node for all the body element (for example `foo` in `<span>foo</span>`).
*/
class JSXNodeNode extends ElementNode {
override JSXNode element;
class JsxNodeNode extends ElementNode {
override JsxNode element;
override PrintAstNode getChild(int childIndex) {
childIndex = 0 and result.(ElementNode).getElement() = element.(JSXElement).getNameExpr()
childIndex = 0 and result.(ElementNode).getElement() = element.(JsxElement).getNameExpr()
or
childIndex = 1 and
exists(element.getABodyElement()) and
result.(JSXBodyElementsNode).getJSXNode() = element
result.(JsxBodyElementsNode).getJsxNode() = element
or
childIndex = 2 and
exists(element.(JSXElement).getAttribute(_)) and
result.(JSXAttributesNode).getJSXElement() = element
exists(element.(JsxElement).getAttribute(_)) and
result.(JsxAttributesNode).getJsxElement() = element
}
}
/** DEPRECATED: Alias for JsxNodeNode */
deprecated class JSXNodeNode = JsxNodeNode;
/**
* An aggregate node representing all the attributes in a `JSXNode`.
*/
class JSXAttributesNode extends PrintAstNode, TJSXAttributesNode {
JSXElement n;
class JsxAttributesNode extends PrintAstNode, TJsxAttributesNode {
JsxElement n;
JSXAttributesNode() { this = TJSXAttributesNode(n) and exists(n.getAttribute(_)) }
JsxAttributesNode() { this = TJsxAttributesNode(n) and exists(n.getAttribute(_)) }
override string toString() { result = "(Attributes)" }
/**
* Gets the `JSXElement` for which this node represents the attributes.
*/
JSXElement getJSXElement() { result = n }
JsxElement getJsxElement() { result = n }
/** DEPRECATED: Alias for getJsxElement */
deprecated JSXElement getJSXElement() { result = getJsxElement() }
override PrintAstNode getChild(int childIndex) {
result.(ElementNode).getElement() = n.getAttribute(childIndex)
}
}
/** DEPRECATED: Alias for JsxAttributesNode */
deprecated class JSXAttributesNode = JsxAttributesNode;
/**
* An aggregate node representing all the body elements in a `JSXNode`.
*/
class JSXBodyElementsNode extends PrintAstNode, TJSXBodyElementsNode {
JSXNode n;
class JsxBodyElementsNode extends PrintAstNode, TJsxBodyElementsNode {
JsxNode n;
JSXBodyElementsNode() { this = TJSXBodyElementsNode(n) and exists(n.getBodyElement(_)) }
JsxBodyElementsNode() { this = TJsxBodyElementsNode(n) and exists(n.getBodyElement(_)) }
override string toString() { result = "(Body)" }
/**
* Gets the `JSXNode` for which this node represents the body elements.
*/
JSXNode getJSXNode() { result = n }
JsxNode getJsxNode() { result = n }
/** DEPRECATED: Alias for getJsxNode */
deprecated JSXNode getJSXNode() { result = getJsxNode() }
override PrintAstNode getChild(int childIndex) {
result.(ElementNode).getElement() = n.getBodyElement(childIndex)
}
}
/** DEPRECATED: Alias for JsxBodyElementsNode */
deprecated class JSXBodyElementsNode = JsxBodyElementsNode;
/**
* A node representing any `ASTNode` that has type-parameters.
*
@@ -484,7 +499,7 @@ private module PrintJavaScript {
class ParameterNode extends ElementNode {
override Parameter element;
override ASTNode getChildNode(int childIndex) {
override AstNode getChildNode(int childIndex) {
childIndex = 0 and result = element.getTypeAnnotation()
or
childIndex = 1 and result = element.getDefault()
@@ -535,14 +550,14 @@ private module PrintJavaScript {
/**
* Classes for printing JSON AST.
*/
private module PrintJSON {
private module PrintJson {
/**
* A print node representing a JSON value in a .json file.
*/
class JSONNode extends PrintAstNode, TJSONNode {
JSONValue value;
class JsonNode extends PrintAstNode, TJsonNode {
JsonValue value;
JSONNode() { this = TJSONNode(value) }
JsonNode() { this = TJsonNode(value) }
override string toString() { result = getQlClass(value) + PrettyPrinting::print(value) }
@@ -551,22 +566,25 @@ private module PrintJSON {
/**
* Gets the `JSONValue` represented by this node.
*/
final JSONValue getValue() { result = value }
final JsonValue getValue() { result = value }
override PrintAstNode getChild(int childIndex) {
exists(JSONValue child | result.(JSONNode).getValue() = child |
exists(JsonValue child | result.(JsonNode).getValue() = child |
child = value.getChild(childIndex)
)
}
}
/** DEPRECATED: Alias for JsonNode */
deprecated class JSONNode = JsonNode;
/** Provied predicates for pretty printing JSON. */
private module PrettyPrinting {
/**
* Gets a string representation of `n`.
* Either using the default `JSONValue::toString`, or a custom printing of the JSON value.
*/
string print(JSONValue n) {
string print(JsonValue n) {
shouldPrint(n, _) and
(
result = n.toString().regexpReplaceAll("(\\\\n|\\\\r|\\\\t| )+", " ") and
@@ -577,20 +595,20 @@ private module PrintJSON {
}
/** Gets a string representing `n`. */
private string repr(JSONValue n) {
private string repr(JsonValue n) {
shouldPrint(n, _) and
(
exists(JSONObject obj, string name, JSONValue prop | obj = n |
exists(JsonObject obj, string name, JsonValue prop | obj = n |
prop = obj.getPropValue(name) and
prop = obj.getChild(0) and
result = "{" + name + ": ...}"
)
or
n instanceof JSONObject and not exists(n.getChild(_)) and result = "{}"
n instanceof JsonObject and not exists(n.getChild(_)) and result = "{}"
or
result = n.(JSONPrimitiveValue).getRawValue()
result = n.(JsonPrimitiveValue).getRawValue()
or
exists(JSONArray arr | arr = n |
exists(JsonArray arr | arr = n |
result = "[]" and not exists(arr.getChild(_))
or
result = "[" + repr(arr.getChild(0)) + "]" and not exists(arr.getChild(1))
@@ -605,14 +623,14 @@ private module PrintJSON {
/**
* Classes for printing YAML AST.
*/
module PrintYAML {
module PrintYaml {
/**
* A print node representing a YAML value in a .yml file.
*/
class YAMLNodeNode extends PrintAstNode, TYAMLNode {
class YamlNodeNode extends PrintAstNode, TYamlNode {
YAMLNode node;
YAMLNodeNode() { this = TYAMLNode(node) }
YamlNodeNode() { this = TYamlNode(node) }
override string toString() { result = getQlClass(node) + node.toString() }
@@ -624,33 +642,39 @@ module PrintYAML {
final YAMLNode getValue() { result = node }
override PrintAstNode getChild(int childIndex) {
exists(YAMLNode child | result.(YAMLNodeNode).getValue() = child |
exists(YAMLNode child | result.(YamlNodeNode).getValue() = child |
child = node.getChildNode(childIndex)
)
}
}
/** DEPRECATED: Alias for YamlNodeNode */
deprecated class YAMLNodeNode = YamlNodeNode;
/**
* A print node representing a `YAMLMapping`.
*
* Each child of this node aggregates the key and value of a mapping.
*/
class YAMLMappingNode extends YAMLNodeNode {
class YamlMappingNode extends YamlNodeNode {
override YAMLMapping node;
override PrintAstNode getChild(int childIndex) {
exists(YAMLMappingMapNode map | map = result | map.maps(node, childIndex))
exists(YamlMappingMapNode map | map = result | map.maps(node, childIndex))
}
}
/** DEPRECATED: Alias for YamlMappingNode */
deprecated class YAMLMappingNode = YamlMappingNode;
/**
* A print node representing the `i`th mapping in `mapping`.
*/
class YAMLMappingMapNode extends PrintAstNode, TYAMLMappingNode {
class YamlMappingMapNode extends PrintAstNode, TYamlMappingNode {
YAMLMapping mapping;
int i;
YAMLMappingMapNode() { this = TYAMLMappingNode(mapping, i) }
YamlMappingMapNode() { this = TYamlMappingNode(mapping, i) }
override string toString() {
result = "(Mapping " + i + ")" and not exists(mapping.getKeyNode(i).(YAMLScalar).getValue())
@@ -667,24 +691,30 @@ module PrintYAML {
}
override PrintAstNode getChild(int childIndex) {
childIndex = 0 and result.(YAMLNodeNode).getValue() = mapping.getKeyNode(i)
childIndex = 0 and result.(YamlNodeNode).getValue() = mapping.getKeyNode(i)
or
childIndex = 1 and result.(YAMLNodeNode).getValue() = mapping.getValueNode(i)
childIndex = 1 and result.(YamlNodeNode).getValue() = mapping.getValueNode(i)
}
}
/** DEPRECATED: Alias for YamlMappingMapNode */
deprecated class YAMLMappingMapNode = YamlMappingMapNode;
}
/** DEPRECATED: Alias for PrintYaml */
deprecated module PrintYAML = PrintYaml;
/**
* Classes for printing HTML AST.
*/
module PrintHTML {
module PrintHtml {
/**
* A print node representing an HTML node in a .html file.
*/
class HTMLElementNode extends PrintAstNode, THTMLElementNode {
class HtmlElementNode extends PrintAstNode, THtmlElementNode {
HTML::Element element;
HTMLElementNode() { this = THTMLElementNode(element) }
HtmlElementNode() { this = THtmlElementNode(element) }
override string toString() { result = getQlClass(element) + "<" + element.getName() + " ..." }
@@ -696,36 +726,42 @@ module PrintHTML {
final HTML::Element getElement() { result = element }
override PrintAstNode getChild(int childIndex) {
childIndex = -1 and result.(HTMLAttributesNodes).getElement() = element
childIndex = -1 and result.(HtmlAttributesNodes).getElement() = element
or
exists(HTML::Element child | result.(HTMLElementNode).getElement() = child |
exists(HTML::Element child | result.(HtmlElementNode).getElement() = child |
child = element.getChild(childIndex)
)
}
}
/** DEPRECATED: Alias for HtmlElementNode */
deprecated class HTMLElementNode = HtmlElementNode;
/**
* A print node representing an HTML node in a .html file.
*/
class HTMLScriptElementNode extends HTMLElementNode {
class HtmlScriptElementNode extends HtmlElementNode {
override HTML::ScriptElement element;
override PrintAstNode getChild(int childIndex) {
childIndex = -200 and result.(HTMLScript).getScript() = element.getScript()
childIndex = -200 and result.(HtmlScript).getScript() = element.getScript()
or
result = super.getChild(childIndex)
}
}
/** DEPRECATED: Alias for HtmlScriptElementNode */
deprecated class HTMLScriptElementNode = HtmlScriptElementNode;
/**
* A print node representing the code inside a `<script>` element.
*/
class HTMLScript extends PrintAstNode, THTMLScript {
class HtmlScript extends PrintAstNode, THtmlScript {
Script script;
HTMLScript() {
this = THTMLScript(script) and
any(HTMLScriptElementNode se).getElement().(HTML::ScriptElement).getScript() = script
HtmlScript() {
this = THtmlScript(script) and
any(HtmlScriptElementNode se).getElement().(HTML::ScriptElement).getScript() = script
}
override string toString() { result = "(Script)" }
@@ -742,15 +778,18 @@ module PrintHTML {
}
}
/** DEPRECATED: Alias for HtmlScript */
deprecated class HTMLScript = HtmlScript;
/**
* A print node representing the code inside an attribute.
*/
class HTMLCodeInAttr extends PrintAstNode, THTMLCodeInAttr {
class HtmlCodeInAttr extends PrintAstNode, THtmlCodeInAttr {
CodeInAttribute attr;
HTMLCodeInAttr() {
this = THTMLCodeInAttr(attr) and
any(HTMLAttributeNode an).getAttribute().getCodeInAttribute() = attr
HtmlCodeInAttr() {
this = THtmlCodeInAttr(attr) and
any(HtmlAttributeNode an).getAttribute().getCodeInAttribute() = attr
}
override string toString() { result = "(Script)" }
@@ -767,14 +806,17 @@ module PrintHTML {
}
}
/** DEPRECATED: Alias for HtmlCodeInAttr */
deprecated class HTMLCodeInAttr = HtmlCodeInAttr;
/**
* An aggregate node representing all the attributes of an HTMLElement.
*/
class HTMLAttributesNodes extends PrintAstNode, THTMLAttributesNodes {
class HtmlAttributesNodes extends PrintAstNode, THtmlAttributesNodes {
HTML::Element element;
HTMLAttributesNodes() {
this = THTMLAttributesNodes(element) and exists(element.getAttribute(_))
HtmlAttributesNodes() {
this = THtmlAttributesNodes(element) and exists(element.getAttribute(_))
}
override string toString() { result = "(Attributes)" }
@@ -785,17 +827,20 @@ module PrintHTML {
HTML::Element getElement() { result = element }
override PrintAstNode getChild(int childIndex) {
result.(HTMLAttributeNode).getAttribute() = element.getAttribute(childIndex)
result.(HtmlAttributeNode).getAttribute() = element.getAttribute(childIndex)
}
}
/** DEPRECATED: Alias for HtmlAttributesNodes */
deprecated class HTMLAttributesNodes = HtmlAttributesNodes;
/**
* A print node representing an HTML attribute in a .html file.
*/
class HTMLAttributeNode extends PrintAstNode, THTMLAttributeNode {
class HtmlAttributeNode extends PrintAstNode, THtmlAttributeNode {
HTML::Attribute attr;
HTMLAttributeNode() { this = THTMLAttributeNode(attr) }
HtmlAttributeNode() { this = THtmlAttributeNode(attr) }
override string toString() { result = getQlClass(attr) + attr.toString() }
@@ -807,11 +852,17 @@ module PrintHTML {
final HTML::Attribute getAttribute() { result = attr }
override PrintAstNode getChild(int childIndex) {
childIndex = 0 and result.(HTMLCodeInAttr).getCode() = attr.getCodeInAttribute()
childIndex = 0 and result.(HtmlCodeInAttr).getCode() = attr.getCodeInAttribute()
}
}
/** DEPRECATED: Alias for HtmlAttributeNode */
deprecated class HTMLAttributeNode = HtmlAttributeNode;
}
/** DEPRECATED: Alias for PrintHtml */
deprecated module PrintHTML = PrintHtml;
/** Holds if `node` belongs to the output tree, and its property `key` has the given `value`. */
query predicate nodes(PrintAstNode node, string key, string value) { value = node.getProperty(key) }
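Review bot: Several doc comments in this file still name the old classes although the signatures below them were renamed. The comment above `final AstNode getElement()` still reads "Gets the ASTNode represented by this node", and the comments above `getJsxElement`, `getJsxNode` and `JsonNode.getValue` still refer to `JSXElement`, `JSXNode` and `JSONValue`. The old names are now deprecated aliases, so the comments should name the new types, for example `Gets the AstNode represented by this node.`. The two `PrettyPrinting` comments that mention `ASTNode::toString` and `JSONValue::toString` need the same update.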


@@ -1291,8 +1291,8 @@ module RegExp {
/**
* A meta character used by HTML.
*/
private class HTMLMetaCharacter extends MetaCharacter {
HTMLMetaCharacter() { this = ["<", "'", "\""] }
private class HtmlMetaCharacter extends MetaCharacter {
HtmlMetaCharacter() { this = ["<", "'", "\""] }
}
/**


@@ -10,17 +10,20 @@ class SourceMappingComment extends Comment {
string url;
SourceMappingComment() {
exists(string sourceMappingURLRegex |
sourceMappingURLRegex = "[@#]\\s*sourceMappingURL\\s*=\\s*(.*)\\s*"
exists(string sourceMappingUrlRegex |
sourceMappingUrlRegex = "[@#]\\s*sourceMappingURL\\s*=\\s*(.*)\\s*"
|
// either a line comment whose entire text matches the regex...
url = this.(SlashSlashComment).getText().regexpCapture(sourceMappingURLRegex, 1)
url = this.(SlashSlashComment).getText().regexpCapture(sourceMappingUrlRegex, 1)
or
// ...or a block comment one of whose lines matches the regex
url = this.(SlashStarComment).getLine(_).regexpCapture("//" + sourceMappingURLRegex, 1)
url = this.(SlashStarComment).getLine(_).regexpCapture("//" + sourceMappingUrlRegex, 1)
)
}
/** Gets the URL of the source map referenced by this comment. */
string getSourceMappingURL() { result = url }
string getSourceMappingUrl() { result = url }
/** DEPRECATED: Alias for getSourceMappingUrl */
deprecated string getSourceMappingURL() { result = getSourceMappingUrl() }
}


@@ -248,7 +248,7 @@ private class MaybeDirective extends ExprStmt {
*/
class Directive extends MaybeDirective {
Directive() {
exists(StmtContainer sc, ASTNode body, int i |
exists(StmtContainer sc, AstNode body, int i |
// directives must be toplevel statements in their container
body = sc.getBody() and
this = body.getChildStmt(i) and
@@ -502,7 +502,7 @@ class JumpStmt extends TJumpStmt, Stmt {
* Note that this predicate does not take `finally` clauses
* into account, which may interrupt the jump.
*/
abstract ASTNode getTarget();
abstract AstNode getTarget();
}
/**
@@ -583,7 +583,7 @@ class WithStmt extends @with_stmt, ControlStmt {
exists(Variable v | v = acc.getVariable() |
v instanceof GlobalVariable
or
exists(ASTNode scopeElt | scopeElt = v.getScope().getScopeElement() |
exists(AstNode scopeElt | scopeElt = v.getScope().getScopeElement() |
scopeElt = this.getParent+()
)
)
@@ -676,7 +676,7 @@ class ThrowStmt extends @throw_stmt, JumpStmt {
* `try` statement in whose body the throw statement occurs. If there is no such
* `try` statement, the target defaults to the enclosing statement container.
*/
override ASTNode getTarget() {
override AstNode getTarget() {
if exists(TryStmt ts | this.getParentStmt+() = ts.getBody())
then
this.getParentStmt+() = result.(TryStmt).getBody() and
@@ -802,7 +802,7 @@ class DoWhileStmt extends @do_while_stmt, LoopStmt {
* var i = 1;
* ```
*/
class ExprOrVarDecl extends ASTNode {
class ExprOrVarDecl extends AstNode {
ExprOrVarDecl() {
this instanceof Expr or
this instanceof DeclStmt


@@ -98,7 +98,7 @@ class NamespaceDeclaration extends NamespaceDefinition, StmtContainer, @namespac
* Note that imports and type parameters are not type definitions. Consider using `TypeDecl` to capture
* a wider class of type declarations.
*/
class TypeDefinition extends ASTNode, @type_definition {
class TypeDefinition extends AstNode, @type_definition {
/**
* Gets the identifier naming the type.
*/
@@ -376,7 +376,7 @@ class ConstructorTypeExpr extends FunctionTypeExpr, @constructor_typeexpr { }
class PlainFunctionTypeExpr extends FunctionTypeExpr, @plain_function_typeexpr { }
/** A possibly qualified identifier that declares or refers to a type. */
abstract class TypeRef extends ASTNode { }
abstract class TypeRef extends AstNode { }
/** An identifier declaring a type name, that is, the name of a class, interface, type parameter, or import. */
class TypeDecl extends Identifier, TypeRef, LexicalDecl {
@@ -1291,7 +1291,7 @@ class ExpressionWithTypeArguments extends @expression_with_type_arguments, Expr
/**
* A program element that supports type parameters, that is, a function, class, interface, type alias, mapped type, or `infer` type.
*/
class TypeParameterized extends @type_parameterized, ASTNode {
class TypeParameterized extends @type_parameterized, AstNode {
/** Gets the `n`th type parameter declared on this function or type. */
TypeParameter getTypeParameter(int n) { none() } // Overridden in subtypes.
@@ -1394,7 +1394,7 @@ class NonNullAssertion extends Expr, @non_null_assertion {
/**
* A possibly qualified identifier that refers to or declares a local name for a namespace.
*/
abstract class NamespaceRef extends ASTNode { }
abstract class NamespaceRef extends AstNode { }
/**
* An identifier that declares a local name for a namespace, that is,
@@ -1602,7 +1602,7 @@ class EnumDeclaration extends NamespaceDefinition, @enum_declaration, AST::Value
* enum Color { red = 1, green, blue }
* ```
*/
class EnumMember extends ASTNode, @enum_member {
class EnumMember extends AstNode, @enum_member {
/**
* Gets the name of the enum member, such as `off` in `enum State { on, off }`.
*


@@ -14,7 +14,7 @@ class Scope extends @scope {
Scope getAnInnerScope() { result.getOuterScope() = this }
/** Gets the program element this scope is associated with, if any. */
ASTNode getScopeElement() { scopenodes(result, this) }
AstNode getScopeElement() { scopenodes(result, this) }
/** Gets the location of the program element this scope is associated with, if any. */
Location getLocation() { result = this.getScopeElement().getLocation() }
@@ -32,7 +32,7 @@ class Scope extends @scope {
/**
* A program element that induces a scope.
*/
class ScopeElement extends ASTNode {
class ScopeElement extends AstNode {
Scope s;
ScopeElement() { this = s.getScopeElement() }
@@ -581,7 +581,7 @@ class ObjectPattern extends DestructuringPattern, @object_pattern {
* }
* ```
*/
class PropertyPattern extends @property, ASTNode {
class PropertyPattern extends @property, AstNode {
PropertyPattern() {
// filter out ordinary properties
exists(ObjectPattern obj | properties(this, obj, _, _, _))


@@ -4,11 +4,11 @@
import semmle.files.FileSystem
private class TXMLLocatable =
private class TXmlLocatable =
@xmldtd or @xmlelement or @xmlattribute or @xmlnamespace or @xmlcomment or @xmlcharacters;
/** An XML element that has a location. */
class XMLLocatable extends @xmllocatable, TXMLLocatable {
class XMLLocatable extends @xmllocatable, TXmlLocatable {
/** Gets the source location for this element. */
Location getLocation() { xmllocations(this, result) }
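Review bot: The public class keeps its upper-case name `XMLLocatable` while the private type it extends becomes `TXmlLocatable`, so this file ends up with both spellings side by side. If the public XML classes are deliberately left for a separate change, a one-line comment saying so would stop the next reader from treating it as an oversight. Otherwise rename it here and add the alias used elsewhere in this commit, `deprecated class XMLLocatable = XmlLocatable;`.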


@@ -78,7 +78,7 @@ module DataFlow {
}
/** Gets the AST node corresponding to this data flow node, if any. */
ASTNode getAstNode() { none() }
AstNode getAstNode() { none() }
/** Gets the basic block to which this node belongs. */
BasicBlock getBasicBlock() { none() }
@@ -332,7 +332,7 @@ module DataFlow {
override File getFile() { result = ssa.getBasicBlock().getFile() }
override ASTNode getAstNode() { none() }
override AstNode getAstNode() { none() }
}
/**
@@ -353,11 +353,11 @@ module DataFlow {
.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override string toString() { result = prop.(ASTNode).toString() }
override string toString() { result = prop.(AstNode).toString() }
override File getFile() { result = prop.(ASTNode).getFile() }
override File getFile() { result = prop.(AstNode).getFile() }
override ASTNode getAstNode() { result = prop }
override AstNode getAstNode() { result = prop }
}
/**
@@ -382,7 +382,7 @@ module DataFlow {
override File getFile() { result = pattern.getFile() }
override ASTNode getAstNode() { result = rest }
override AstNode getAstNode() { result = rest }
}
/**
@@ -407,7 +407,7 @@ module DataFlow {
override File getFile() { result = pattern.getFile() }
override ASTNode getAstNode() { result = elt }
override AstNode getAstNode() { result = elt }
}
/**
@@ -436,7 +436,7 @@ module DataFlow {
override File getFile() { result = arr.getFile() }
override ASTNode getAstNode() { result = elt }
override AstNode getAstNode() { result = elt }
}
/**
@@ -719,7 +719,7 @@ module DataFlow {
* the JSX element it is in.
*/
private class JsxAttributeAsPropWrite extends PropWrite, PropNode {
override JSXAttribute prop;
override JsxAttribute prop;
override Node getBase() { result = valueNode(prop.getElement()) }
@@ -1307,7 +1307,7 @@ module DataFlow {
* This predicate is only defined for expressions, properties, and for statements that declare
* a function, a class, or a TypeScript namespace or enum.
*/
ValueNode valueNode(ASTNode nd) { result.getAstNode() = nd }
ValueNode valueNode(AstNode nd) { result.getAstNode() = nd }
/**
* Gets the data flow node corresponding to `e`.
@@ -1669,11 +1669,11 @@ module DataFlow {
or
exists(Expr e | e = nd.asExpr() and cause = "heap" |
e instanceof PropAccess or
e instanceof E4X::XMLAnyName or
e instanceof E4X::XMLAttributeSelector or
e instanceof E4X::XMLDotDotExpression or
e instanceof E4X::XMLFilterExpression or
e instanceof E4X::XMLQualifiedIdentifier or
e instanceof E4X::XmlAnyName or
e instanceof E4X::XmlAttributeSelector or
e instanceof E4X::XmlDotDotExpression or
e instanceof E4X::XmlFilterExpression or
e instanceof E4X::XmlQualifiedIdentifier or
e instanceof Angular2::PipeRefExpr
)
or

View File

@@ -180,7 +180,7 @@ private class NpmPackagePortal extends Portal, MkNpmPackagePortal {
private module NpmPackagePortal {
/** Gets an import of `imported` inside package `importer`. */
pragma[noinline]
private DataFlow::SourceNode getAModuleImport(NPMPackage importer, string imported) {
private DataFlow::SourceNode getAModuleImport(NpmPackage importer, string imported) {
result = DataFlow::moduleImport(imported) and
result.getTopLevel() = importer.getAModule()
}
@@ -188,7 +188,7 @@ private module NpmPackagePortal {
/** Gets an import of `member` from `imported` inside package `importer`. */
pragma[noinline]
private DataFlow::SourceNode getAModuleMemberImport(
NPMPackage importer, string imported, string member
NpmPackage importer, string imported, string member
) {
result = DataFlow::moduleMember(imported, member) and
result.getTopLevel() = importer.getAModule()
@@ -196,7 +196,7 @@ private module NpmPackagePortal {
/** Holds if `imp` is an import of package `pkgName`. */
predicate imports(DataFlow::SourceNode imp, string pkgName) {
exists(NPMPackage pkg |
exists(NpmPackage pkg |
imp = getAModuleImport(pkg, pkgName) and
pkgName.regexpMatch("[^./].*")
)
@@ -204,7 +204,7 @@ private module NpmPackagePortal {
/** Holds if `imp` imports `member` from package `pkgName`. */
predicate imports(DataFlow::SourceNode imp, string pkgName, string member) {
exists(NPMPackage pkg |
exists(NpmPackage pkg |
imp = getAModuleMemberImport(pkg, pkgName, member) and
pkgName.regexpMatch("[^./].*")
)
@@ -212,7 +212,7 @@ private module NpmPackagePortal {
/** Gets the main module of package `pkgName`. */
Module packageMain(string pkgName) {
exists(PackageJSON pkg |
exists(PackageJson pkg |
// don't construct portals for private packages
not pkg.isPrivate() and
// don't construct portals for vendored-in packages


@@ -302,13 +302,13 @@ module SourceNode {
*/
class DefaultRange extends Range {
DefaultRange() {
exists(ASTNode astNode | this = DataFlow::valueNode(astNode) |
exists(AstNode astNode | this = DataFlow::valueNode(astNode) |
astNode instanceof PropAccess or
astNode instanceof Function or
astNode instanceof ClassDefinition or
astNode instanceof ObjectExpr or
astNode instanceof ArrayExpr or
astNode instanceof JSXNode or
astNode instanceof JsxNode or
astNode instanceof GlobalVarAccess or
astNode instanceof ExternalModuleReference or
astNode instanceof RegExpLiteral or


@@ -129,8 +129,8 @@ private class AnalyzedEnumDeclaration extends DataFlow::AnalyzedValueNode {
/**
* Flow analysis for JSX elements and fragments.
*/
private class AnalyzedJSXNode extends DataFlow::AnalyzedValueNode {
override JSXNode astNode;
private class AnalyzedJsxNode extends DataFlow::AnalyzedValueNode {
override JsxNode astNode;
override AbstractValue getALocalValue() { result = TAbstractOtherObject() }
}
@@ -138,8 +138,8 @@ private class AnalyzedJSXNode extends DataFlow::AnalyzedValueNode {
/**
* Flow analysis for qualified JSX names.
*/
private class AnalyzedJSXQualifiedName extends DataFlow::AnalyzedValueNode {
override JSXQualifiedName astNode;
private class AnalyzedJsxQualifiedName extends DataFlow::AnalyzedValueNode {
override JsxQualifiedName astNode;
override AbstractValue getALocalValue() { result = TAbstractOtherObject() }
}
@@ -147,8 +147,8 @@ private class AnalyzedJSXQualifiedName extends DataFlow::AnalyzedValueNode {
/**
* Flow analysis for empty JSX expressions.
*/
private class AnalyzedJSXEmptyExpression extends DataFlow::AnalyzedValueNode {
override JSXEmptyExpr astNode;
private class AnalyzedJsxEmptyExpression extends DataFlow::AnalyzedValueNode {
override JsxEmptyExpr astNode;
override AbstractValue getALocalValue() { result = TAbstractUndefined() }
}


@@ -138,7 +138,7 @@ class AnalyzedVarDef extends VarDef {
/**
* Gets the toplevel syntactic unit to which this definition belongs.
*/
TopLevel getTopLevel() { result = this.(ASTNode).getTopLevel() }
TopLevel getTopLevel() { result = this.(AstNode).getTopLevel() }
}
/**


@@ -35,9 +35,12 @@ abstract class Dependency extends Locatable {
* the source tree, or a package that is referenced as a dependency
* in a `package.json` file.
*/
abstract class NPMDependency extends Dependency {
abstract class NpmDependency extends Dependency {
/** Gets the name of the NPM package this module belongs to. */
abstract string getNPMPackageName();
abstract string getNpmPackageName();
/** DEPRECATED: Alias for getNpmPackageName */
deprecated string getNPMPackageName() { result = getNpmPackageName() }
/** Gets the version of the NPM package this module belongs to. */
abstract string getVersion();
@@ -46,7 +49,7 @@ abstract class NPMDependency extends Dependency {
abstract Import getAnImport();
override predicate info(string id, string v) {
id = this.getNPMPackageName() and
id = this.getNpmPackageName() and
v = this.getVersion()
}
@@ -59,6 +62,9 @@ abstract class NPMDependency extends Dependency {
}
}
/** DEPRECATED: Alias for NpmDependency */
deprecated class NPMDependency = NpmDependency;
/**
* Gets a variable into which something is imported by `i`.
*/
@@ -83,23 +89,26 @@ private Expr propAccessOn(Expr e) { result.(PropAccess).getBase() = e }
* included in the database (as opposed to an `ExternalNPMDependency`
* which is only referenced in a `package.json` file).
*/
class BundledNPMDependency extends NPMDependency {
BundledNPMDependency() {
exists(NPMPackage pkg | this = pkg.getAModule() |
class BundledNpmDependency extends NpmDependency {
BundledNpmDependency() {
exists(NpmPackage pkg | this = pkg.getAModule() |
// exclude packages marked "private": they have no globally unique ID
not pkg.getPackageJSON().isPrivate()
not pkg.getPackageJson().isPrivate()
)
}
/** Gets the package to which this module belongs. */
private NPMPackage getPackage() { this = result.getAModule() }
private NpmPackage getPackage() { this = result.getAModule() }
/** Gets the `package.json` of the package to which this module belongs. */
private PackageJSON getPackageJSON() { result = this.getPackage().getPackageJSON() }
private PackageJson getPackageJson() { result = this.getPackage().getPackageJson() }
override string getNPMPackageName() { result = this.getPackageJSON().getPackageName() }
override string getNpmPackageName() { result = this.getPackageJson().getPackageName() }
override string getVersion() { result = this.getPackageJSON().getVersion() }
/** DEPRECATED: Alias for getNpmPackageName */
deprecated override string getNPMPackageName() { result = getNpmPackageName() }
override string getVersion() { result = this.getPackageJson().getVersion() }
override Import getAnImport() {
this = result.getImportedModule() and
@@ -108,27 +117,33 @@ class BundledNPMDependency extends NPMDependency {
}
}
/** DEPRECATED: Alias for BundledNpmDependency */
deprecated class BundledNPMDependency = BundledNpmDependency;
/**
* An NPM package referenced in a `package.json` file.
*/
class ExternalNPMDependency extends NPMDependency {
ExternalNPMDependency() {
exists(PackageJSON pkgjson |
this.(JSONString) = pkgjson.getADependenciesObject(_).getPropValue(_)
class ExternalNpmDependency extends NpmDependency {
ExternalNpmDependency() {
exists(PackageJson pkgjson |
this.(JsonString) = pkgjson.getADependenciesObject(_).getPropValue(_)
)
}
/** Gets the NPM package declaring this dependency. */
private NPMPackage getDeclaringPackage() {
this = result.getPackageJSON().getADependenciesObject(_).getPropValue(_)
private NpmPackage getDeclaringPackage() {
this = result.getPackageJson().getADependenciesObject(_).getPropValue(_)
}
override string getNPMPackageName() {
override string getNpmPackageName() {
exists(PackageDependencies pkgdeps | this = pkgdeps.getPropValue(result))
}
/** DEPRECATED: Alias for getNpmPackageName */
deprecated override string getNPMPackageName() { result = getNpmPackageName() }
private string getVersionNumber() {
exists(string versionRange | versionRange = this.(JSONString).getValue() |
exists(string versionRange | versionRange = this.(JsonString).getValue() |
// extract a concrete version from the version range; currently,
// we handle exact versions as well as `<=`, `>=`, `~` and `^` ranges
result = versionRange.regexpCapture("(?:[><]=|[=~^])?v?(\\d+(\\.\\d+){1,2})", 1)
@@ -151,13 +166,16 @@ class ExternalNPMDependency extends NPMDependency {
}
}
/** DEPRECATED: Alias for ExternalNpmDependency */
deprecated class ExternalNPMDependency = ExternalNpmDependency;
/**
* Holds if import `i` may refer to the declared dependency `dep` of package `pkg`,
* where the result value is the nesting depth of the file containing `i` within `pkg`.
*/
private int importsDependency(Import i, NPMPackage pkg, NPMDependency dep) {
private int importsDependency(Import i, NpmPackage pkg, NpmDependency dep) {
exists(string name |
dep = pkg.getPackageJSON().getADependenciesObject(_).getPropValue(name) and
dep = pkg.getPackageJson().getADependenciesObject(_).getPropValue(name) and
not exists(i.getImportedModule()) and
i.getImportedPath().getComponent(0) = name and
i.getEnclosingModule() = pkg.getAModule() and
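Review bot: Moving the `abstract` modifier from `getNPMPackageName()` to `getNpmPackageName()` in `NpmDependency` keeps callers of the old name working through the deprecated forwarder, but not overriders. A subclass outside this repository that extends `NPMDependency` and implements only `getNPMPackageName()` would, as far as I can tell, leave the new abstract member unimplemented, and `info(id, v)` now reads `this.getNpmPackageName()`. I would say so in the deprecation comment, for example `/** DEPRECATED: Use and override getNpmPackageName instead; info() no longer reads this predicate. */`, and record it in a change note. The same pattern appears for `getAUrlRegex()` on `FrameworkLibraryWithUrlRegex` in the framework-library section of this commit.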


@@ -125,9 +125,9 @@ abstract class FrameworkLibraryWithMarkerComment extends FrameworkLibrary {
* A framework library that is referenced by URLs that have a certain
* pattern.
*/
abstract class FrameworkLibraryWithURLRegex extends FrameworkLibrary {
abstract class FrameworkLibraryWithUrlRegex extends FrameworkLibrary {
bindingset[this]
FrameworkLibraryWithURLRegex() { this = this }
FrameworkLibraryWithUrlRegex() { this = this }
/**
* Gets a regular expression that can be used to identify a URL referring
@@ -136,9 +136,15 @@ abstract class FrameworkLibraryWithURLRegex extends FrameworkLibrary {
* The first capture group of this regular expression should match
* the version number.
*/
abstract string getAURLRegex();
abstract string getAUrlRegex();
/** DEPRECATED: Alias for getAUrlRegex */
deprecated string getAURLRegex() { result = getAUrlRegex() }
}
/** DEPRECATED: Alias for FrameworkLibraryWithUrlRegex */
deprecated class FrameworkLibraryWithURLRegex = FrameworkLibraryWithUrlRegex;
/**
* A framework library that is referenced by URLs containing the name
* of the framework (or an alias) and a version string.
@@ -154,14 +160,14 @@ abstract class FrameworkLibraryWithURLRegex extends FrameworkLibrary {
*
* See `variantRegex()` below for a discussion of variant suffixes.
*/
abstract class FrameworkLibraryWithGenericURL extends FrameworkLibraryWithURLRegex {
abstract class FrameworkLibraryWithGenericUrl extends FrameworkLibraryWithUrlRegex {
bindingset[this]
FrameworkLibraryWithGenericURL() { this = this }
FrameworkLibraryWithGenericUrl() { this = this }
/** Gets an alternative name of this library. */
string getAnAlias() { none() }
override string getAURLRegex() {
override string getAUrlRegex() {
exists(string id | id = this.getId() or id = this.getAnAlias() |
result = ".*(?:^|/)" + id + "-(" + semverRegex() + ")" + variantRegex() + "\\.js" or
result =
@@ -169,8 +175,14 @@ abstract class FrameworkLibraryWithGenericURL extends FrameworkLibraryWithURLReg
"\\.js"
)
}
/** DEPRECATED: Alias for getAUrlRegex */
deprecated override string getAURLRegex() { result = getAUrlRegex() }
}
/** DEPRECATED: Alias for FrameworkLibraryWithGenericUrl */
deprecated class FrameworkLibraryWithGenericURL = FrameworkLibraryWithGenericUrl;
/**
* Gets a regular expression identifying suffixes that are commonly appended
* to the name of a library to distinguish minor variants.
@@ -264,20 +276,23 @@ private predicate matchMarkerComment(
/**
* A reference to a `FrameworkLibraryWithURL`.
*/
class FrameworkLibraryReferenceWithURL extends FrameworkLibraryReference {
FrameworkLibraryReferenceWithURL() { matchURL(this, _, _) }
class FrameworkLibraryReferenceWithUrl extends FrameworkLibraryReference {
FrameworkLibraryReferenceWithUrl() { matchUrl(this, _, _) }
override predicate info(FrameworkLibrary fl, string v) { matchURL(this, fl, v) }
override predicate info(FrameworkLibrary fl, string v) { matchUrl(this, fl, v) }
}
/** DEPRECATED: Alias for FrameworkLibraryReferenceWithUrl */
deprecated class FrameworkLibraryReferenceWithURL = FrameworkLibraryReferenceWithUrl;
/**
* Holds if the value of `src` attribute `attr` matches the URL pattern of library
* `fl` at `version`.
*/
private predicate matchURL(HTML::Attribute attr, FrameworkLibraryWithURLRegex fl, string version) {
private predicate matchUrl(HTML::Attribute attr, FrameworkLibraryWithUrlRegex fl, string version) {
attr.getName() = "src" and
attr.getElement() instanceof HTML::ScriptElement and
version = attr.getValue().regexpCapture(fl.getAURLRegex(), 1)
version = attr.getValue().regexpCapture(fl.getAUrlRegex(), 1)
}
/**
@@ -288,7 +303,7 @@ private string versionRegex() { result = "\\d+\\.\\d+[A-Za-z0-9.+_-]*" }
/**
* The jQuery framework.
*/
private class JQuery extends FrameworkLibraryWithGenericURL {
private class JQuery extends FrameworkLibraryWithGenericUrl {
JQuery() { this = "jquery" }
override string getAnEntryPoint() { result = "$" or result = "jQuery" }
@@ -331,7 +346,7 @@ private class JQueryInstance extends FrameworkLibraryInstance {
/**
* The jQuery Mobile framework.
*/
private class JQueryMobile extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class JQueryMobile extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
JQueryMobile() { this = "jquery-mobile" }
override string getAnAlias() { result = "jquery.mobile" }
@@ -344,7 +359,7 @@ private class JQueryMobile extends FrameworkLibraryWithGenericURL, FrameworkLibr
/**
* The jQuery UI framework.
*/
private class JQueryUI extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class JQueryUI extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
JQueryUI() { this = "jquery-ui" }
override string getAMarkerCommentRegex() { result = "(?s).*jQuery UI - v?(<VERSION>).*" }
@@ -355,7 +370,7 @@ private class JQueryUI extends FrameworkLibraryWithGenericURL, FrameworkLibraryW
/**
* The jQuery TextExt framework.
*/
private class JQueryTextExt extends FrameworkLibraryWithGenericURL,
private class JQueryTextExt extends FrameworkLibraryWithGenericUrl,
FrameworkLibraryWithMarkerComment {
JQueryTextExt() { this = "jquery-textext" }
@@ -371,7 +386,7 @@ private class JQueryTextExt extends FrameworkLibraryWithGenericURL,
/**
* The jQuery DataTables framework.
*/
private class JQueryDataTables extends FrameworkLibraryWithGenericURL,
private class JQueryDataTables extends FrameworkLibraryWithGenericUrl,
FrameworkLibraryWithMarkerComment {
JQueryDataTables() { this = "jquery-dataTables" }
@@ -385,7 +400,7 @@ private class JQueryDataTables extends FrameworkLibraryWithGenericURL,
/**
* The jQuery jsTree framework.
*/
private class JQueryJsTree extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class JQueryJsTree extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
JQueryJsTree() { this = "jquery-jstree" }
override string getAnAlias() { result = "jquery.jstree" }
@@ -396,7 +411,7 @@ private class JQueryJsTree extends FrameworkLibraryWithGenericURL, FrameworkLibr
/**
* The jQuery Snippet framework.
*/
private class JQuerySnippet extends FrameworkLibraryWithGenericURL,
private class JQuerySnippet extends FrameworkLibraryWithGenericUrl,
FrameworkLibraryWithMarkerComment {
JQuerySnippet() { this = "jquery-snippet" }
@@ -410,7 +425,7 @@ private class JQuerySnippet extends FrameworkLibraryWithGenericURL,
/**
* The Bootstrap framework.
*/
private class Bootstrap extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class Bootstrap extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
Bootstrap() { this = "bootstrap" }
override string getAMarkerCommentRegex() {
@@ -423,7 +438,7 @@ private class Bootstrap extends FrameworkLibraryWithGenericURL, FrameworkLibrary
/**
* The Modernizr framework.
*/
private class Modernizr extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class Modernizr extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
Modernizr() { this = "modernizr" }
override string getAMarkerCommentRegex() {
@@ -436,7 +451,7 @@ private class Modernizr extends FrameworkLibraryWithGenericURL, FrameworkLibrary
/**
* The MooTools framework.
*/
private class MooTools extends FrameworkLibraryWithGenericURL {
private class MooTools extends FrameworkLibraryWithGenericUrl {
MooTools() { this = "mootools" }
override string getAnEntryPoint() { /* not easily detectable */ none() }
@@ -479,7 +494,7 @@ private class MooToolsInstance extends FrameworkLibraryInstance {
/**
* The Prototype framework.
*/
private class Prototype extends FrameworkLibraryWithGenericURL {
private class Prototype extends FrameworkLibraryWithGenericUrl {
Prototype() { this = "prototype" }
override string getAnEntryPoint() { /* not easily detectable */ none() }
@@ -518,7 +533,7 @@ private class PrototypeInstance extends FrameworkLibraryInstance {
/**
* The Scriptaculous framework.
*/
private class Scriptaculous extends FrameworkLibraryWithGenericURL {
private class Scriptaculous extends FrameworkLibraryWithGenericUrl {
Scriptaculous() { this = "scriptaculous" }
override string getAnEntryPoint() { /* not easily detectable */ none() }
@@ -557,7 +572,7 @@ private class ScriptaculousInstance extends FrameworkLibraryInstance {
/**
* The Underscore framework.
*/
private class Underscore extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class Underscore extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
Underscore() { this = "underscore" }
override string getAMarkerCommentRegex() { result = "^\\s*Underscore.js (<VERSION>).*" }
@@ -568,7 +583,7 @@ private class Underscore extends FrameworkLibraryWithGenericURL, FrameworkLibrar
/**
* The Lodash framework.
*/
private class Lodash extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class Lodash extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
Lodash() { this = "lodash" }
override string getAMarkerCommentRegex() {
@@ -581,7 +596,7 @@ private class Lodash extends FrameworkLibraryWithGenericURL, FrameworkLibraryWit
}
/** The Dojo framework. */
private class Dojo extends FrameworkLibraryWithGenericURL {
private class Dojo extends FrameworkLibraryWithGenericUrl {
Dojo() { this = "dojo" }
override string getAnEntryPoint() { result = "dojo" }
@@ -613,7 +628,7 @@ private class DojoInstance extends FrameworkLibraryInstance {
/**
* The ExtJS framework.
*/
private class ExtJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class ExtJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
ExtJS() { this = "extjs" }
override string getAMarkerCommentRegex() {
@@ -629,7 +644,7 @@ private class ExtJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWith
/**
* The YUI framework.
*/
private class YUI extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class YUI extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
YUI() { this = "yui" }
override string getAMarkerCommentRegex() { result = "(?s).*YUI (<VERSION>) \\(build \\d+\\).*" }
@@ -640,7 +655,7 @@ private class YUI extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMa
/**
* The Knockout framework.
*/
private class Knockout extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class Knockout extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
Knockout() { this = "knockout" }
override string getAMarkerCommentRegex() {
@@ -653,7 +668,7 @@ private class Knockout extends FrameworkLibraryWithGenericURL, FrameworkLibraryW
/**
* The AngularJS framework.
*/
private class AngularJS extends FrameworkLibraryWithGenericURL {
private class AngularJS extends FrameworkLibraryWithGenericUrl {
AngularJS() { this = "angularjs" }
override string getAnAlias() { result = "angular" or result = "angular2" }
@@ -691,7 +706,7 @@ private class AngularJSInstance extends FrameworkLibraryInstance {
/**
* The Angular UI bootstrap framework.
*/
private class AngularUIBootstrap extends FrameworkLibraryWithGenericURL {
private class AngularUIBootstrap extends FrameworkLibraryWithGenericUrl {
AngularUIBootstrap() { this = "angular-ui-bootstrap" }
override string getAnAlias() { result = "ui-bootstrap" }
@@ -722,7 +737,7 @@ private class AngularUIBootstrapInstance extends FrameworkLibraryInstance {
/**
* The React framework.
*/
private class React extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class React extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
React() { this = "react" }
override string getAMarkerCommentRegex() {
@@ -733,15 +748,15 @@ private class React extends FrameworkLibraryWithGenericURL, FrameworkLibraryWith
/**
* The Microsoft AJAX Framework.
*/
private class MicrosoftAJAXFramework extends FrameworkLibrary {
MicrosoftAJAXFramework() { this = "microsoft-ajax-framework" }
private class MicrosoftAjaxFramework extends FrameworkLibrary {
MicrosoftAjaxFramework() { this = "microsoft-ajax-framework" }
}
/**
* Holds if comments `c1` and `c2` in toplevel `tl` are marker comments for the given
* `version` of the Microsoft AJAX Framework.
*/
private predicate microsoftAJAXFrameworkMarkerComments(
private predicate microsoftAjaxFrameworkMarkerComments(
Comment c1, Comment c2, TopLevel tl, string version
) {
tl = c1.getTopLevel() and
@@ -753,19 +768,19 @@ private predicate microsoftAJAXFrameworkMarkerComments(
/**
* A copy of the Microsoft AJAX Framework.
*/
private class MicrosoftAJAXFrameworkInstance extends FrameworkLibraryInstance {
MicrosoftAJAXFrameworkInstance() { microsoftAJAXFrameworkMarkerComments(_, _, this, _) }
private class MicrosoftAjaxFrameworkInstance extends FrameworkLibraryInstance {
MicrosoftAjaxFrameworkInstance() { microsoftAjaxFrameworkMarkerComments(_, _, this, _) }
override predicate info(FrameworkLibrary fl, string v) {
fl instanceof MicrosoftAJAXFramework and
microsoftAJAXFrameworkMarkerComments(_, _, this, v)
fl instanceof MicrosoftAjaxFramework and
microsoftAjaxFrameworkMarkerComments(_, _, this, v)
}
}
/**
* The Polymer framework.
*/
private class Polymer extends FrameworkLibraryWithGenericURL {
private class Polymer extends FrameworkLibraryWithGenericUrl {
Polymer() { this = "polymer" }
override string getAnEntryPoint() { result = "Polymer" }
@@ -800,7 +815,7 @@ private class PolymerInstance extends FrameworkLibraryInstance {
/**
* The Vue.js framework.
*/
private class VueJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class VueJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
VueJS() { this = "vue" }
override string getAMarkerCommentRegex() { result = "(?s).*Vue\\.js v(<VERSION>).*" }
@@ -811,7 +826,7 @@ private class VueJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWith
/**
* The Swagger UI framework.
*/
private class SwaggerUI extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class SwaggerUI extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
SwaggerUI() { this = "swagger-ui" }
override string getAMarkerCommentRegex() {
@@ -822,7 +837,7 @@ private class SwaggerUI extends FrameworkLibraryWithGenericURL, FrameworkLibrary
/**
* The Backbone.js framework.
*/
private class BackboneJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class BackboneJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
BackboneJS() { this = "backbone" }
override string getAMarkerCommentRegex() { result = "(?s).*Backbone\\.js (<VERSION>).*" }
@@ -833,7 +848,7 @@ private class BackboneJS extends FrameworkLibraryWithGenericURL, FrameworkLibrar
/**
* The Ember.js framework.
*/
private class EmberJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class EmberJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
EmberJS() { this = "ember" }
override string getAMarkerCommentRegex() {
@@ -846,7 +861,7 @@ private class EmberJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWi
/**
* The QUnit.js framework.
*/
private class QUnitJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class QUnitJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
QUnitJS() { this = "qunit" }
override string getAMarkerCommentRegex() { result = "(?s).*QUnit\\s*(<VERSION>).*" }
@@ -857,28 +872,28 @@ private class QUnitJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWi
/**
* The Mocha framework.
*/
private class Mocha extends FrameworkLibraryWithGenericURL {
private class Mocha extends FrameworkLibraryWithGenericUrl {
Mocha() { this = "mocha" }
}
/**
* The Jasmine framework.
*/
private class Jasmine extends FrameworkLibraryWithGenericURL {
private class Jasmine extends FrameworkLibraryWithGenericUrl {
Jasmine() { this = "jasmine" }
}
/**
* The Chai framework.
*/
private class Chai extends FrameworkLibraryWithGenericURL {
private class Chai extends FrameworkLibraryWithGenericUrl {
Chai() { this = "chai" }
}
/**
* The Sinon.JS framework.
*/
private class SinonJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class SinonJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
SinonJS() { this = "sinon" }
override string getAnAlias() { result = "sinon-ie" or result = "sinon-timers" }
@@ -889,7 +904,7 @@ private class SinonJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWi
/**
* The TinyMCE framework.
*/
private class TinyMCE extends FrameworkLibraryWithGenericURL {
private class TinyMCE extends FrameworkLibraryWithGenericUrl {
TinyMCE() { this = "tinymce" }
override string getAnAlias() { result = "jquery.tinymce" or result = "tinymce.jquery" }
@@ -898,7 +913,7 @@ private class TinyMCE extends FrameworkLibraryWithGenericURL {
/**
* The Require.js framework.
*/
private class RequireJS extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class RequireJS extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
RequireJS() { this = "requirejs" }
override string getAnAlias() { result = "require.js" }
@@ -917,7 +932,7 @@ private class ApplicationInsightsInstance extends FrameworkLibraryInstance {
this.(TopLevel)
.getFile()
.getAbsolutePath()
.regexpCapture(any(ApplicationInsights t).getAURLRegex(), 1)
.regexpCapture(any(ApplicationInsights t).getAUrlRegex(), 1)
}
override predicate info(FrameworkLibrary fl, string v) {
@@ -929,16 +944,19 @@ private class ApplicationInsightsInstance extends FrameworkLibraryInstance {
/**
* The Microsoft ApplicationInsights framework.
*/
private class ApplicationInsights extends FrameworkLibraryWithURLRegex {
private class ApplicationInsights extends FrameworkLibraryWithUrlRegex {
ApplicationInsights() { this = "ApplicationInsights" }
override string getAURLRegex() { result = ".*(?:^|/)ai\\.(" + semverRegex() + ")-build\\d+\\.js" }
override string getAUrlRegex() { result = ".*(?:^|/)ai\\.(" + semverRegex() + ")-build\\d+\\.js" }
/** DEPRECATED: Alias for getAUrlRegex */
deprecated override string getAURLRegex() { result = getAUrlRegex() }
}
/**
* The twitter-text framework.
*/
private class TwitterText extends FrameworkLibraryWithGenericURL, FrameworkLibraryWithMarkerComment {
private class TwitterText extends FrameworkLibraryWithGenericUrl, FrameworkLibraryWithMarkerComment {
TwitterText() { this = "twitter-text" }
override string getAMarkerCommentRegex() { result = "(?s).*twitter-text\\s*(<VERSION>).*" }
@@ -947,10 +965,13 @@ private class TwitterText extends FrameworkLibraryWithGenericURL, FrameworkLibra
/**
* The classic version of twitter-text, as seen in the wild.
*/
private class TwitterTextClassic extends FrameworkLibraryWithURLRegex {
private class TwitterTextClassic extends FrameworkLibraryWithUrlRegex {
TwitterTextClassic() { this = "twitter-text" }
override string getAURLRegex() { result = ".*(?:^|/)twitter_text" + variantRegex() + "\\.js" }
override string getAUrlRegex() { result = ".*(?:^|/)twitter_text" + variantRegex() + "\\.js" }
/** DEPRECATED: Alias for getAUrlRegex */
deprecated override string getAURLRegex() { result = getAUrlRegex() }
}
/**
@@ -961,7 +982,7 @@ private class TwitterTextClassicInstance extends FrameworkLibraryInstance {
this.(TopLevel)
.getFile()
.getAbsolutePath()
.regexpMatch(any(TwitterTextClassic t).getAURLRegex())
.regexpMatch(any(TwitterTextClassic t).getAUrlRegex())
}
override predicate info(FrameworkLibrary fl, string v) {


@@ -46,23 +46,23 @@ abstract class InjectableFunction extends DataFlow::ValueNode {
/**
* Gets the `i`th dependency declaration, which is also named `name`.
*/
abstract ASTNode getDependencyDeclaration(int i, string name);
abstract AstNode getDependencyDeclaration(int i, string name);
/**
* Gets an ASTNode for the `name` dependency declaration.
*/
ASTNode getADependencyDeclaration(string name) { result = getDependencyDeclaration(_, name) }
AstNode getADependencyDeclaration(string name) { result = getDependencyDeclaration(_, name) }
/**
* Gets the ASTNode for the `i`th dependency declaration.
*/
ASTNode getDependencyDeclaration(int i) { result = getDependencyDeclaration(i, _) }
AstNode getDependencyDeclaration(int i) { result = getDependencyDeclaration(i, _) }
/** Gets the function underlying this injectable function. */
abstract Function asFunction();
/** Gets a location where this function is explicitly dependency injected. */
abstract ASTNode getAnExplicitDependencyInjection();
abstract AstNode getAnExplicitDependencyInjection();
/**
* Gets a service corresponding to the dependency-injected `parameter`.
@@ -110,7 +110,7 @@ private class FunctionWithImplicitDependencyAnnotation extends InjectableFunctio
override Function asFunction() { result = astNode }
override ASTNode getAnExplicitDependencyInjection() { none() }
override AstNode getAnExplicitDependencyInjection() { none() }
}
private DataFlow::PropWrite getAPropertyDependencyInjection(Function function) {
@@ -143,7 +143,7 @@ private class FunctionWithInjectProperty extends InjectableFunction {
exists(int i | exists(getDependencyDeclaration(i, name)) | result = astNode.getParameter(i))
}
override ASTNode getDependencyDeclaration(int i, string name) {
override AstNode getDependencyDeclaration(int i, string name) {
exists(DataFlow::ValueNode decl |
decl = dependencies.getElement(i) and
decl.mayHaveStringValue(name) and
@@ -153,7 +153,7 @@ private class FunctionWithInjectProperty extends InjectableFunction {
override Function asFunction() { result = astNode }
override ASTNode getAnExplicitDependencyInjection() {
override AstNode getAnExplicitDependencyInjection() {
result = getAPropertyDependencyInjection(astNode).getAstNode()
}
}
@@ -176,14 +176,14 @@ private class FunctionWithExplicitDependencyAnnotation extends InjectableFunctio
)
}
override ASTNode getDependencyDeclaration(int i, string name) {
override AstNode getDependencyDeclaration(int i, string name) {
result = astNode.getElement(i) and
result.(Expr).mayHaveStringValue(name)
}
override Function asFunction() { result = function.getAstNode() }
override ASTNode getAnExplicitDependencyInjection() {
override AstNode getAnExplicitDependencyInjection() {
result = astNode or
result = function.(InjectableFunction).getAnExplicitDependencyInjection()
}
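Review bot: The doc comments in the first hunk of this file still name the old type: "Gets an ASTNode for the `name` dependency declaration." and "Gets the ASTNode for the `i`th dependency declaration." sit directly above predicates that now return `AstNode`. I would change the wording to `AstNode` in both, so the prose does not point readers at the deprecated alias. The same leftover appears in later sections of this commit: "A `JSXElement` that instantiates a `ReactComponent`" above `ReactJsxElement`, "The `APIStage` stage" above `module ApiStage`, and `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups` in the comment on `isBadRegexpFilter`. `InjectableFunction` starts before and ends after the hunk, so other comments in it may need the same update.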


@@ -9,18 +9,18 @@ module Babel {
* A Babel configuration object, either from `package.json` or from a
* `.babelrc` file.
*/
class Config extends JSONObject {
class Config extends JsonObject {
Config() {
isTopLevel() and getJsonFile().getBaseName().matches(".babelrc%")
or
this = any(PackageJSON pkg).getPropValue("babel")
this = any(PackageJson pkg).getPropValue("babel")
}
/**
* Gets the configuration for the plugin with the given name.
*/
JSONValue getPluginConfig(string pluginName) {
exists(JSONArray plugins |
JsonValue getPluginConfig(string pluginName) {
exists(JsonArray plugins |
plugins = getPropValue("plugins") and
result = plugins.getElementValue(_)
|
@@ -38,7 +38,7 @@ module Babel {
or
result = getAContainerInScope().getAChildContainer() and
// File-relative .babelrc search stops at any package.json or .babelrc file.
not result.getAChildContainer() = any(PackageJSON pkg).getJsonFile() and
not result.getAChildContainer() = any(PackageJson pkg).getJsonFile() and
not result.getAChildContainer() = any(Config pkg).getJsonFile()
}
@@ -51,7 +51,7 @@ module Babel {
/**
* A configuration object for a Babel plugin.
*/
class Plugin extends JSONValue {
class Plugin extends JsonValue {
Config cfg;
string pluginName;
@@ -64,10 +64,10 @@ module Babel {
Config getConfig() { result = cfg }
/** Gets the options value passed to the plugin, if any. */
JSONValue getOptions() { result = this.(JSONArray).getElementValue(1) }
JsonValue getOptions() { result = this.(JsonArray).getElementValue(1) }
/** Gets a named option from the option object, if present. */
JSONValue getOption(string name) { result = getOptions().getPropValue(name) }
JsonValue getOption(string name) { result = getOptions().getPropValue(name) }
/** Holds if this plugin applies to `tl`. */
predicate appliesTo(TopLevel tl) { cfg.appliesTo(tl) }
@@ -99,12 +99,12 @@ module Babel {
/**
* Gets an object specifying a root prefix.
*/
private JSONObject getARootPathSpec() {
private JsonObject getARootPathSpec() {
// ["babel-plugin-root-import", <spec>]
result = getOptions() and
exists(result.getPropValue("rootPathSuffix"))
or
exists(JSONArray pathSpecs |
exists(JsonArray pathSpecs |
// ["babel-plugin-root-import", [ <spec>... ] ]
pathSpecs = getOptions()
or
@@ -119,7 +119,7 @@ module Babel {
* Gets the (explicitly specified) root for the given prefix.
*/
private string getExplicitRoot(string prefix) {
exists(JSONObject rootPathSpec |
exists(JsonObject rootPathSpec |
rootPathSpec = getARootPathSpec() and
result = rootPathSpec.getPropStringValue("rootPathSuffix")
|


@@ -546,8 +546,8 @@ module ClientRequest {
*
* Note: Prefer to use the `ClientRequest` class as it is more general.
*/
class XMLHttpRequest extends ClientRequest::Range {
XMLHttpRequest() {
class XmlHttpRequest extends ClientRequest::Range {
XmlHttpRequest() {
this = DataFlow::globalVarRef("XMLHttpRequest").getAnInstantiation()
or
// closure shim for XMLHttpRequest
@@ -618,6 +618,9 @@ module ClientRequest {
}
}
/** DEPRECATED: Alias for XmlHttpRequest */
deprecated class XMLHttpRequest = XmlHttpRequest;
/**
* A model of a URL request made using the `XhrIo` class from the closure library.
*/
@@ -788,8 +791,8 @@ module ClientRequest {
/**
* A model of a URL request made using `jsdom.fromUrl()`.
*/
class JSDOMFromUrl extends ClientRequest::Range {
JSDOMFromUrl() {
class JSDomFromUrl extends ClientRequest::Range {
JSDomFromUrl() {
this = API::moduleImport("jsdom").getMember("JSDOM").getMember("fromURL").getACall()
}
@@ -800,6 +803,9 @@ module ClientRequest {
override DataFlow::Node getADataNode() { none() }
}
/** DEPRECATED: Alias for JSDomFromUrl */
deprecated class JSDOMFromUrl = JSDomFromUrl;
/**
* Classes and predicates modeling the `apollo-client` library.
*/


@@ -367,10 +367,10 @@ private module ExpressCookies {
* In case an array is passed `setHeader("Set-Cookie", [...]` it sets multiple cookies.
* We model a `CookieWrite` for each array element.
*/
private class HTTPCookieWrite extends CookieWrites::CookieWrite {
private class HttpCookieWrite extends CookieWrites::CookieWrite {
string header;
HTTPCookieWrite() {
HttpCookieWrite() {
exists(HTTP::CookieDefinition setCookie |
this.asExpr() = setCookie.getHeaderArgument() and
not this instanceof DataFlow::ArrayCreationNode


@@ -212,12 +212,12 @@ private class RecursiveReadDir extends FileSystemAccess, FileNameProducer, API::
/**
* Classes and predicates for modeling the `jsonfile` library (https://www.npmjs.com/package/jsonfile).
*/
private module JSONFile {
private module JsonFile {
/**
* A reader for JSON files.
*/
class JSONFileReader extends FileSystemReadAccess, API::CallNode {
JSONFileReader() {
class JsonFileReader extends FileSystemReadAccess, API::CallNode {
JsonFileReader() {
this = API::moduleImport("jsonfile").getMember(["readFile", "readFileSync"]).getACall()
}
@@ -238,11 +238,14 @@ private module JSONFile {
}
}
/** DEPRECATED: Alias for JsonFileReader */
deprecated class JSONFileReader = JsonFileReader;
/**
* A writer for JSON files.
*/
class JSONFileWriter extends FileSystemWriteAccess, DataFlow::CallNode {
JSONFileWriter() {
class JsonFileWriter extends FileSystemWriteAccess, DataFlow::CallNode {
JsonFileWriter() {
this =
DataFlow::moduleMember("jsonfile", any(string s | s = "writeFile" or s = "writeFileSync"))
.getACall()
@@ -252,6 +255,9 @@ private module JSONFile {
override DataFlow::Node getADataNode() { result = this.getArgument(1) }
}
/** DEPRECATED: Alias for JsonFileWriter */
deprecated class JSONFileWriter = JsonFileWriter;
}
/**


@@ -42,8 +42,8 @@ private module JsonWebToken {
/**
* The private key for a JWT as a `CredentialsExpr`.
*/
private class JWTKey extends CredentialsExpr {
JWTKey() {
private class JwtKey extends CredentialsExpr {
JwtKey() {
this = DataFlow::moduleMember("jsonwebtoken", "sign").getACall().getArgument(1).asExpr()
}


@@ -21,7 +21,10 @@ module Markdown {
/**
* Holds if the taint-step preserves HTML.
*/
predicate preservesHTML() { any() }
predicate preservesHtml() { any() }
/** DEPRECATED: Alias for preservesHtml */
deprecated predicate preservesHTML() { preservesHtml() }
}
private class MarkdownStepAsTaintStep extends TaintTracking::SharedTaintStep {
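Review bot: The deprecated `preservesHTML()` only forwards to `preservesHtml()`, so a subclass that still overrides the old name no longer has any effect on callers of the new one. If the taint-step code outside this hunk now consults `preservesHtml()`, a step that was declared as not HTML-preserving would silently be treated as HTML-preserving and query results would change without a compile error. I would say this in the deprecation comment, e.g. `/** DEPRECATED: Alias for preservesHtml. Overriding this predicate has no effect; override preservesHtml instead. */`. The same applies to the forwarding aliases `interpretsArgumentsAsHTML` and `interpretsValueAsHTML` added in the DOM section later in this commit. The enclosing class starts outside the hunk, so whether it is meant to be overridden is inferred from the default `any()` body.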


@@ -11,7 +11,7 @@ module NextJS {
/**
* Gets a `package.json` that depends on the `Next.js` library.
*/
PackageJSON getANextPackage() { result.getDependencies().getADependency("next", _) }
PackageJson getANextPackage() { result.getDependencies().getADependency("next", _) }
/**
* Gets a "pages" folder in a `Next.js` application.
@@ -195,9 +195,9 @@ module NextJS {
* The response (res) includes a set of Express.js-like methods,
* and we therefore model the routehandler as an Express.js routehandler.
*/
class NextAPIRouteHandler extends DataFlow::FunctionNode, Express::RouteHandler,
class NextApiRouteHandler extends DataFlow::FunctionNode, Express::RouteHandler,
HTTP::Servers::StandardRouteHandler {
NextAPIRouteHandler() {
NextApiRouteHandler() {
exists(Module mod | mod.getFile().getParentContainer() = apiFolder() |
this = mod.getAnExportedValue("default").getAFunctionValue()
)
@@ -210,6 +210,9 @@ module NextJS {
}
}
/** DEPRECATED: Alias for NextApiRouteHandler */
deprecated class NextAPIRouteHandler = NextApiRouteHandler;
/**
* Gets a reference to a [Next.js router](https://nextjs.org/docs/api-reference/next/router).
*/


@@ -5,14 +5,17 @@
import javascript
import semmle.javascript.Promises
module NoSQL {
/** An expression that is interpreted as a NoSQL query. */
module NoSql {
/** An expression that is interpreted as a NoSql query. */
abstract class Query extends Expr {
/** Gets an expression that is interpreted as a code operator in this query. */
DataFlow::Node getACodeOperator() { none() }
}
}
/** DEPRECATED: Alias for NoSql */
deprecated module NoSQL = NoSql;
/**
* Gets a value that has been assigned to the "$where" property of an object that flows to `queryArg`.
*/
@@ -78,7 +81,7 @@ private module MongoDB {
/**
* An expression that is interpreted as a MongoDB query.
*/
class Query extends NoSQL::Query {
class Query extends NoSql::Query {
QueryCall qc;
Query() { this = qc.getAQueryArgument().asExpr() }
@@ -512,7 +515,7 @@ private module Mongoose {
/**
* An expression that is interpreted as a (part of a) MongoDB query.
*/
class MongoDBQueryPart extends NoSQL::Query {
class MongoDBQueryPart extends NoSql::Query {
MongooseFunction f;
MongoDBQueryPart() { this = f.getQueryArgument().getARhs().asExpr() }
@@ -619,7 +622,7 @@ private module Minimongo {
/**
* An expression that is interpreted as a Minimongo query.
*/
class Query extends NoSQL::Query {
class Query extends NoSql::Query {
QueryCall qc;
Query() { this = qc.getAQueryArgument().asExpr() }
@@ -679,7 +682,7 @@ private module MarsDB {
/**
* An expression that is interpreted as a MarsDB query.
*/
class Query extends NoSQL::Query {
class Query extends NoSql::Query {
QueryCall qc;
Query() { this = qc.getAQueryArgument().asExpr() }
@@ -763,7 +766,7 @@ private module Redis {
/**
* An expression that is interpreted as a key in a Node Redis call.
*/
class RedisKeyArgument extends NoSQL::Query {
class RedisKeyArgument extends NoSql::Query {
RedisKeyArgument() {
exists(string method, int argIndex |
QuerySignatures::argumentIsAmbiguousKey(method, argIndex) and
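Review bot: The first hunk rewrites prose as well as the identifier: the comment under `module NoSql {` now reads `/** An expression that is interpreted as a NoSql query. */`. "NoSQL" in a doc comment is the name of the technology, not a reference to the module, so the comment should stay `/** An expression that is interpreted as a NoSQL query. */`. Other comments in this commit keep that spelling (for example "A code operator of a NoSQL query as a code injection sink"), so the rewritten line also makes the docs inconsistent.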


@@ -23,7 +23,7 @@ DataFlow::SourceNode react() {
* - instances from `React.createClass`
* - stateless functional components
*/
abstract class ReactComponent extends ASTNode {
abstract class ReactComponent extends AstNode {
/**
* Gets an instance method of this component with the given name.
*/
@@ -208,7 +208,7 @@ abstract class ReactComponent extends ASTNode {
DataFlow::Node getACandidatePropsValue(string name) {
getACandidatePropsSource().hasPropertyWrite(name, result)
or
exists(ReactJSXElement e, JSXAttribute attr |
exists(ReactJsxElement e, JsxAttribute attr |
this = e.getComponent() and
attr = e.getAttributeByName(name) and
result.asExpr() = attr.getValue()
@@ -247,13 +247,13 @@ abstract class ReactComponent extends ASTNode {
/**
* Holds if `f` always returns a JSX element or fragment, or a React element.
*/
private predicate alwaysReturnsJSXOrReactElements(Function f) {
private predicate alwaysReturnsJsxOrReactElements(Function f) {
forex(Expr e |
e.flow().(DataFlow::SourceNode).flowsToExpr(f.getAReturnedExpr()) and
// Allow returning string constants in addition to JSX/React elemnts.
not exists(e.getStringValue())
|
e instanceof JSXNode or
e instanceof JsxNode or
e instanceof ReactElementDefinition
)
}
@@ -271,7 +271,7 @@ class FunctionalComponent extends ReactComponent, Function {
p.getName().regexpMatch("(?i).*props.*") or
p instanceof ObjectPattern
) and
alwaysReturnsJSXOrReactElements(this)
alwaysReturnsJsxOrReactElements(this)
}
override Function getInstanceMethod(string name) { name = "render" and result = this }
@@ -420,7 +420,7 @@ private class HeuristicReactPreactComponent extends ClassDefinition, PreactCompo
ES2015Component {
HeuristicReactPreactComponent() {
any(DataFlow::GlobalVarRefNode c | c.getName() = "Component").flowsToExpr(getSuperClass()) and
alwaysReturnsJSXOrReactElements(ClassDefinition.super.getInstanceMethod("render"))
alwaysReturnsJsxOrReactElements(ClassDefinition.super.getInstanceMethod("render"))
}
}
@@ -549,10 +549,10 @@ private class ReactCallbackPartialInvoke extends DataFlow::PartialInvokeNode::Ra
/**
* A `JSXElement` that instantiates a `ReactComponent`.
*/
private class ReactJSXElement extends JSXElement {
private class ReactJsxElement extends JsxElement {
ReactComponent component;
ReactJSXElement() { component.getAComponentCreatorReference().flowsToExpr(getNameExpr()) }
ReactJsxElement() { component.getAComponentCreatorReference().flowsToExpr(getNameExpr()) }
/**
* Gets the component this element instantiates.
@@ -646,7 +646,7 @@ private DataFlow::Node getAContextInput(DataFlow::CallNode createContext) {
createContext = react().getAMemberCall("createContext") and
result = createContext.getArgument(0) // initial value
or
exists(JSXElement provider |
exists(JsxElement provider |
getAContextRef(createContext)
.getAPropertyRead("Provider")
.flowsTo(provider.getNameExpr().flow()) and


@@ -7,7 +7,7 @@ import javascript
module ReactNative {
/** A `WebView` JSX element. */
class WebViewElement extends DataFlow::ValueNode, DataFlow::SourceNode {
override JSXElement astNode;
override JsxElement astNode;
WebViewElement() {
DataFlow::moduleMember("react-native", "WebView").flowsToExpr(astNode.getNameExpr())


@@ -16,19 +16,19 @@ module Redux {
*/
private module ProgramSlicing {
/** Gets the innermost `package.json` file in a directory containing the given file. */
private PackageJSON getPackageJson(Container f) {
private PackageJson getPackageJson(Container f) {
f = result.getFile().getParentContainer()
or
not exists(f.getFile("package.json")) and
result = getPackageJson(f.getParentContainer())
}
private predicate packageDependsOn(PackageJSON importer, PackageJSON dependency) {
private predicate packageDependsOn(PackageJson importer, PackageJson dependency) {
importer.getADependenciesObject("").getADependency(dependency.getPackageName(), _)
}
/** Gets a package that can be considered an entry point for a Redux app. */
private PackageJSON entryPointPackage() {
private PackageJson entryPointPackage() {
result = getPackageJson(any(StoreCreation c).getFile())
or
// Any package that imports a store-creating package is considered a potential entry point.
@@ -36,8 +36,8 @@ module Redux {
}
pragma[nomagic]
private predicate arePackagesInSameReduxApp(PackageJSON a, PackageJSON b) {
exists(PackageJSON entry |
private predicate arePackagesInSameReduxApp(PackageJson a, PackageJson b) {
exists(PackageJson entry |
entry = entryPointPackage() and
packageDependsOn*(entry, a) and
packageDependsOn*(entry, b)
@@ -47,7 +47,7 @@ module Redux {
/** Holds if the two files are considered to be part of the same Redux app. */
pragma[inline]
predicate areFilesInSameReduxApp(File a, File b) {
not exists(PackageJSON pkg)
not exists(PackageJson pkg)
or
arePackagesInSameReduxApp(getPackageJson(a), getPackageJson(b))
}


@@ -518,7 +518,7 @@ module SocketIOClient {
}
/** Gets the NPM package that contains `nd`. */
private NPMPackage getPackage(DataFlow::SourceNode nd) { result.getAFile() = nd.getFile() }
private NpmPackage getPackage(DataFlow::SourceNode nd) { result.getAFile() = nd.getFile() }
/**
* A data flow node representing an API call that receives data from the server.


@@ -84,7 +84,7 @@ module Templating {
predicate isInCodeAttribute() {
exists(TopLevel code | code = this.getParent().(HTML::Attribute).getCodeInAttribute() |
code instanceof EventHandlerCode or
code instanceof JavaScriptURL
code instanceof JavaScriptUrl
)
}


@@ -365,19 +365,19 @@ module Vuex {
*/
private module ProgramSlicing {
/** Gets the innermost `package.json` file in a directory containing the given file. */
private PackageJSON getPackageJson(Container f) {
private PackageJson getPackageJson(Container f) {
f = result.getFile().getParentContainer()
or
not exists(f.getFile("package.json")) and
result = getPackageJson(f.getParentContainer())
}
private predicate packageDependsOn(PackageJSON importer, PackageJSON dependency) {
private predicate packageDependsOn(PackageJson importer, PackageJson dependency) {
importer.getADependenciesObject("").getADependency(dependency.getPackageName(), _)
}
/** Gets a package that can be considered an entry point for a Vuex app. */
private PackageJSON entryPointPackage() {
private PackageJson entryPointPackage() {
result = getPackageJson(storeRef().getAnImmediateUse().getFile())
or
// Any package that imports a store-creating package is considered a potential entry point.
@@ -385,8 +385,8 @@ module Vuex {
}
pragma[nomagic]
private predicate arePackagesInSameVuexApp(PackageJSON a, PackageJSON b) {
exists(PackageJSON entry |
private predicate arePackagesInSameVuexApp(PackageJson a, PackageJson b) {
exists(PackageJson entry |
entry = entryPointPackage() and
packageDependsOn*(entry, a) and
packageDependsOn*(entry, b)
@@ -396,7 +396,7 @@ module Vuex {
/** Holds if the two files are considered to be part of the same Vuex app. */
pragma[inline]
predicate areFilesInSameVuexApp(File a, File b) {
not exists(PackageJSON pkg)
not exists(PackageJson pkg)
or
arePackagesInSameVuexApp(getPackageJson(a), getPackageJson(b))
}


@@ -235,19 +235,22 @@ module ServerWebSocket {
/**
* The `req` parameter of a `socket.on("connection", (msg, req) => {})` call.
*/
class ServerHTTPRequest extends HTTP::Servers::RequestSource {
class ServerHttpRequest extends HTTP::Servers::RequestSource {
ConnectionCallAsRouteHandler handler;
ServerHTTPRequest() { this = handler.getCallback(1).getParameter(1) }
ServerHttpRequest() { this = handler.getCallback(1).getParameter(1) }
override HTTP::RouteHandler getRouteHandler() { result = handler }
}
/** DEPRECATED: Alias for ServerHttpRequest */
deprecated class ServerHTTPRequest = ServerHttpRequest;
/**
* An access user-controlled HTTP request input in a request to a WebSocket server.
*/
class WebSocketRequestInput extends HTTP::RequestInputAccess {
ServerHTTPRequest request;
ServerHttpRequest request;
string kind;
WebSocketRequestInput() {


@@ -182,8 +182,8 @@ module XML {
/**
* An invocation of `DOMParser.parseFromString`.
*/
private class DOMParserXmlParserInvocation extends XML::ParserInvocation {
DOMParserXmlParserInvocation() {
private class DomParserXmlParserInvocation extends XML::ParserInvocation {
DomParserXmlParserInvocation() {
this =
DataFlow::globalVarRef("DOMParser")
.getAnInstantiation()
@@ -341,7 +341,7 @@ module XML {
}
}
private class XMLParserTaintStep extends js::TaintTracking::SharedTaintStep {
private class XmlParserTaintStep extends js::TaintTracking::SharedTaintStep {
override predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(XML::ParserInvocation parser |
pred.asExpr() = parser.getSourceArgument() and


@@ -26,9 +26,9 @@ private class RemoteFlowPassword extends HeuristicSource, RemoteFlowSource {
* A use of `JSON.stringify`, viewed as a source for command-line injections
* since it does not properly escape single quotes and dollar symbols.
*/
private class JSONStringifyAsCommandInjectionSource extends HeuristicSource,
private class JsonStringifyAsCommandInjectionSource extends HeuristicSource,
CommandInjection::Source {
JSONStringifyAsCommandInjectionSource() { this instanceof JsonStringifyCall }
JsonStringifyAsCommandInjectionSource() { this instanceof JsonStringifyCall }
override string getSourceType() { result = "a string from JSON.stringify" }
}


@@ -56,9 +56,9 @@ module Stages {
predicate backref() {
1 = 1
or
exists(any(ASTNode a).getTopLevel())
exists(any(AstNode a).getTopLevel())
or
exists(any(ASTNode a).getParent())
exists(any(AstNode a).getParent())
or
exists(any(StmtContainer c).getEnclosingContainer())
or
@@ -68,7 +68,7 @@ module Stages {
or
exists(any(Expr e).getStringValue())
or
any(ASTNode node).isAmbient()
any(AstNode node).isAmbient()
or
exists(any(Identifier e).getName())
or
@@ -245,7 +245,7 @@ module Stages {
* The `APIStage` stage.
*/
cached
module APIStage {
module ApiStage {
/**
* Always holds.
* Ensures that a predicate is evaluated as part of the APIStage stage.
@@ -278,6 +278,9 @@ module Stages {
}
}
/** DEPRECATED: Alias for ApiStage */
deprecated module APIStage = ApiStage;
/**
* The `taint` stage.
*/


@@ -16,7 +16,7 @@ private StmtContainer getStmtContainer(NodeInStmtContainer node) {
stmt_containers(node, result)
or
// Properties
exists(ASTNode parent | properties(node, parent, _, _, _) |
exists(AstNode parent | properties(node, parent, _, _, _) |
expr_containers(parent, result)
or
stmt_containers(parent, result)


@@ -34,7 +34,7 @@ module ESLint {
}
/** An ESLint configuration file in JSON format. */
abstract private class JsonConfiguration extends Configuration, JSONObject { }
abstract private class JsonConfiguration extends Configuration, JsonObject { }
/** An `.eslintrc.json` file. */
private class EslintrcJson extends JsonConfiguration {
@@ -47,11 +47,11 @@ module ESLint {
}
/** An ESLint configuration object in JSON format. */
private class JsonConfigurationObject extends ConfigurationObject, JSONObject {
private class JsonConfigurationObject extends ConfigurationObject, JsonObject {
override Configuration getConfiguration() { this = result.(JsonConfiguration).getPropValue(_) }
override boolean getBooleanProperty(string p) {
exists(string v | v = getPropValue(p).(JSONBoolean).getValue() |
exists(string v | v = getPropValue(p).(JsonBoolean).getValue() |
v = "true" and result = true
or
v = "false" and result = false
@@ -86,7 +86,7 @@ module ESLint {
/** An ESLint configuration embedded in a `package.json` file. */
private class EslintConfigInPackageJson extends JsonConfiguration {
EslintConfigInPackageJson() {
exists(PackageJSON pkg | this = pkg.getPropValue("eslintConfig"))
exists(PackageJson pkg | this = pkg.getPropValue("eslintConfig"))
}
override ConfigurationObject getGlobals() { result = getPropValue("globals") }


@@ -176,8 +176,8 @@ private module RegexpMatching {
}
/** A class to test whether a regular expression matches certain HTML tags. */
class HTMLMatchingRegExp extends RegexpMatching::MatchedRegExp {
HTMLMatchingRegExp() {
class HtmlMatchingRegExp extends RegexpMatching::MatchedRegExp {
HtmlMatchingRegExp() {
// the regexp must mention "<" and ">" explicitly.
forall(string angleBracket | angleBracket = ["<", ">"] |
any(RegExpConstant term | term.getValue().matches("%" + angleBracket + "%")).getRootTerm() =
@@ -204,12 +204,15 @@ class HTMLMatchingRegExp extends RegexpMatching::MatchedRegExp {
}
}
/** DEPRECATED: Alias for HtmlMatchingRegExp */
deprecated class HTMLMatchingRegExp = HtmlMatchingRegExp;
/**
* Holds if `regexp` matches some HTML tags, but misses some HTML tags that it should match.
*
* When adding a new case to this predicate, make sure the test string used in `matches(..)` calls are present in `HTMLMatchingRegExp::test` / `HTMLMatchingRegExp::testWithGroups`.
*/
predicate isBadRegexpFilter(HTMLMatchingRegExp regexp, string msg) {
predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
// CVE-2021-33829 - matching both "<!-- foo -->" and "<!-- foo --!>", but in different capture groups
regexp.matches("<!-- foo -->") and
regexp.matches("<!-- foo --!>") and


@@ -16,9 +16,9 @@ import semmle.javascript.security.SensitiveActions
*/
predicate config(string key, string val, Locatable valElement) {
(
exists(JSONObject obj | not exists(PackageJSON p | obj = p.getADependenciesObject(_)) |
exists(JsonObject obj | not exists(PackageJson p | obj = p.getADependenciesObject(_)) |
obj.getPropValue(key) = valElement and
val = valElement.(JSONString).getValue()
val = valElement.(JsonString).getValue()
)
or
exists(YAMLMapping m, YAMLString keyElement |


@@ -226,19 +226,19 @@ module PasswordHeuristics {
predicate isDummyAuthHeader(string header) {
isDummyPassword(header)
or
exists(string prefix, string suffix | prefix = getAnHTTPAuthenticationScheme() |
exists(string prefix, string suffix | prefix = getAnHttpAuthenticationScheme() |
header.toLowerCase() = prefix + " " + suffix and
isDummyPassword(suffix)
)
or
header.trim().toLowerCase() = getAnHTTPAuthenticationScheme()
header.trim().toLowerCase() = getAnHttpAuthenticationScheme()
}
/**
* Gets a HTTP authentication scheme normalized to lowercase.
* From this list: https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
*/
private string getAnHTTPAuthenticationScheme() {
private string getAnHttpAuthenticationScheme() {
result =
[
"Basic", "Bearer", "Digest", "HOBA", "Mutual", "Negotiate", "OAuth", "SCRAM-SHA-1",


@@ -186,9 +186,9 @@ module ClientSideUrlRedirect {
*/
class ReactAttributeWriteUrlSink extends ScriptUrlSink {
ReactAttributeWriteUrlSink() {
exists(JSXAttribute attr |
exists(JsxAttribute attr |
attr.getName() = DOM::getAPropertyNameInterpretedAsJavaScriptUrl() and
attr.getElement().isHTMLElement()
attr.getElement().isHtmlElement()
or
DataFlow::moduleImport("next/link").flowsToExpr(attr.getElement().getNameExpr())
|


@@ -208,7 +208,7 @@ module CodeInjection {
*/
class ReactScriptTag extends Sink {
ReactScriptTag() {
exists(JSXElement element | element.getName() = "script" |
exists(JsxElement element | element.getName() = "script" |
this = element.getBodyElement(_).flow()
)
}
@@ -223,7 +223,7 @@ module CodeInjection {
def.getName().regexpMatch("(?i)on.+") and
this = def.getValueNode() and
// JSX event handlers are functions, not strings
not def instanceof JSXAttribute
not def instanceof JsxAttribute
)
}
}
@@ -231,10 +231,13 @@ module CodeInjection {
/**
* A code operator of a NoSQL query as a code injection sink.
*/
class NoSQLCodeInjectionSink extends Sink {
NoSQLCodeInjectionSink() { any(NoSQL::Query q).getACodeOperator() = this }
class NoSqlCodeInjectionSink extends Sink {
NoSqlCodeInjectionSink() { any(NoSql::Query q).getACodeOperator() = this }
}
/** DEPRECATED: Alias for NoSqlCodeInjectionSink */
deprecated class NoSQLCodeInjectionSink = NoSqlCodeInjectionSink;
/**
* The first argument to `Module.prototype._compile`, considered as a code-injection sink.
*/
@@ -379,5 +382,8 @@ module CodeInjection {
/**
* A call to JSON.stringify() seen as a sanitizer.
*/
class JSONStringifySanitizer extends Sanitizer, JsonStringifyCall { }
class JsonStringifySanitizer extends Sanitizer, JsonStringifyCall { }
/** DEPRECATED: Alias for JsonStringifySanitizer */
deprecated class JSONStringifySanitizer = JsonStringifySanitizer;
}

View File

@@ -10,14 +10,17 @@ predicate isDomRootType(ExternalType tp) {
}
/** A global variable whose declared type extends a DOM root type. */
class DOMGlobalVariable extends GlobalVariable {
DOMGlobalVariable() {
class DomGlobalVariable extends GlobalVariable {
DomGlobalVariable() {
exists(ExternalVarDecl d | d.getQualifiedName() = this.getName() |
isDomRootType(d.getTypeTag().getTypeDeclaration().getASupertype*())
)
}
}
/** DEPRECATED: Alias for DomGlobalVariable */
deprecated class DOMGlobalVariable = DomGlobalVariable;
/** Holds if `e` could hold a value that comes from the DOM. */
predicate isDomValue(Expr e) { DOM::domValueRef().flowsToExpr(e) }
@@ -37,7 +40,10 @@ DataFlow::SourceNode document() { result = DOM::documentRef() }
predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) }
/** Holds if `e` could refer to the document URL. */
predicate isDocumentURL(Expr e) { e.flow() = DOM::locationSource() }
predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
/** DEPRECATED: Alias for isDocumentUrl */
deprecated predicate isDocumentURL = isDocumentUrl/1;
/**
* DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as
@@ -62,7 +68,7 @@ class DomMethodCallExpr extends MethodCallExpr {
/**
* Holds if `arg` is an argument that is interpreted as HTML.
*/
predicate interpretsArgumentsAsHTML(Expr arg) {
predicate interpretsArgumentsAsHtml(Expr arg) {
exists(int argPos, string name |
arg = this.getArgument(argPos) and
name = this.getMethodName()
@@ -93,6 +99,9 @@ class DomMethodCallExpr extends MethodCallExpr {
)
)
}
/** DEPRECATED: Alias for interpretsArgumentsAsHtml */
deprecated predicate interpretsArgumentsAsHTML(Expr arg) { interpretsArgumentsAsHtml(arg) }
}
/**
@@ -109,11 +118,14 @@ class DomPropWriteNode extends Assignment {
/**
* Holds if the assigned value is interpreted as HTML.
*/
predicate interpretsValueAsHTML() {
predicate interpretsValueAsHtml() {
lhs.getPropertyName() = "innerHTML" or
lhs.getPropertyName() = "outerHTML"
}
/** DEPRECATED: Alias for interpretsValueAsHtml */
deprecated predicate interpretsValueAsHTML() { interpretsValueAsHtml() }
/**
* Holds if the assigned value is interpreted as JavaScript via javascript: protocol.
*/
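Review bot: The deprecated wrappers `interpretsArgumentsAsHTML` and `interpretsValueAsHTML` forward to the new predicates, but nothing forwards the other way, so an override of the old name in a downstream subclass no longer reaches callers that were switched to the new name (the XSS `DomSink` later in this commit now calls `interpretsArgumentsAsHtml` and `interpretsValueAsHtml`). Presumably such custom HTML-sink models keep compiling with at most a deprecation warning while silently dropping out of the XSS analysis, so a change note telling users to move their overrides to the new names would help. The wrappers also call the new predicate without a receiver while the rest of `DomMethodCallExpr` writes `this.`; `deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }` would match. Both class bodies continue outside the hunks.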


@@ -4,4 +4,7 @@ import javascript
private import ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedDataQuery // ignore-query-import
/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
deprecated module ExternalAPIUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;
deprecated module ExternalApiUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
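Review bot: The new name `ExternalApiUsedWithUntrustedData` is introduced here already marked `deprecated`, and the existing doc comment "DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead." now documents that new name instead of the one users actually have in their code. Since this file is only a deprecation shim, a second deprecated name adds nothing to migrate to; I would leave the original line `deprecated module ExternalAPIUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;` as it was and drop the added alias.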


@@ -9,7 +9,7 @@ import javascript
* Provides sources, sinks and sanitizers for reasoning about flow of
* untrusted data into an external API.
*/
module ExternalAPIUsedWithUntrustedData {
module ExternalApiUsedWithUntrustedData {
/**
* A source of untrusted data.
*/
@@ -62,12 +62,15 @@ module ExternalAPIUsedWithUntrustedData {
/**
* A package name whose entire API is considered "safe" for the purpose of this query.
*/
abstract class SafeExternalAPIPackage extends string {
SafeExternalAPIPackage() { exists(API::moduleImport(this)) }
abstract class SafeExternalApiPackage extends string {
SafeExternalApiPackage() { exists(API::moduleImport(this)) }
}
private class DefaultSafeExternalAPIPackage extends SafeExternalAPIPackage {
DefaultSafeExternalAPIPackage() {
/** DEPRECATED: Alias for SafeExternalApiPackage */
deprecated class SafeExternalAPIPackage = SafeExternalApiPackage;
private class DefaultSafeExternalApiPackage extends SafeExternalApiPackage {
DefaultSafeExternalApiPackage() {
// Promise libraries are safe and generate too much noise if included
this =
[
@@ -80,14 +83,17 @@ module ExternalAPIUsedWithUntrustedData {
/**
* A function that is considered a "safe" external API from a security perspective.
*/
abstract class SafeExternalAPIFunction extends API::Node { }
abstract class SafeExternalApiFunction extends API::Node { }
/** DEPRECATED: Alias for SafeExternalApiFunction */
deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;
/** Holds if data read from a use of `f` may originate from an imported package. */
private predicate mayComeFromLibrary(API::Node f) {
// base case: import
exists(string path |
f = API::moduleImport(path) and
not path instanceof SafeExternalAPIPackage and
not path instanceof SafeExternalApiPackage and
// Exclude paths that can be resolved to a file in the project
not exists(Import imprt |
imprt.getImportedPath().getValue() = path and exists(imprt.getImportedModule())
@@ -132,10 +138,10 @@ module ExternalAPIUsedWithUntrustedData {
*/
private predicate nodeIsRelevant(API::Node node) {
mayComeFromLibrary(node) and
not node instanceof SafeExternalAPIFunction
not node instanceof SafeExternalApiFunction
or
nodeIsRelevant(node.getASuccessor()) and
not node = API::moduleImport(any(SafeExternalAPIPackage p))
not node = API::moduleImport(any(SafeExternalApiPackage p))
}
/** Holds if the edge `pred -> succ` may lead to an external API call. */
@@ -368,3 +374,6 @@ module ExternalAPIUsedWithUntrustedData {
}
}
}
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;


@@ -8,7 +8,7 @@
*/
import javascript
import ExternalAPIUsedWithUntrustedDataCustomizations::ExternalAPIUsedWithUntrustedData
import ExternalAPIUsedWithUntrustedDataCustomizations::ExternalApiUsedWithUntrustedData
/** Flow label for objects from which a tainted value is reachable. */
private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel {
@@ -59,18 +59,24 @@ class Configuration extends TaintTracking::Configuration {
}
/** A node representing data being passed to an external API. */
class ExternalAPIDataNode extends DataFlow::Node {
ExternalAPIDataNode() { this instanceof Sink }
class ExternalApiDataNode extends DataFlow::Node {
ExternalApiDataNode() { this instanceof Sink }
}
/** DEPRECATED: Alias for ExternalApiDataNode */
deprecated class ExternalAPIDataNode = ExternalApiDataNode;
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
UntrustedExternalAPIDataNode() { any(Configuration c).hasFlow(_, this) }
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { any(Configuration c).hasFlow(_, this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { any(Configuration c).hasFlow(result, this) }
}
/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
/**
* Name of an external API sink, boxed in a newtype for consistency with other languages.
*/
@@ -83,9 +89,9 @@ private newtype TExternalApi =
}
/** An external API which is used with untrusted data. */
class ExternalAPIUsedWithUntrustedData extends TExternalApi {
class ExternalApiUsedWithUntrustedData extends TExternalApi {
/** Gets a possibly untrusted use of this external API. */
UntrustedExternalAPIDataNode getUntrustedDataNode() {
UntrustedExternalApiDataNode getUntrustedDataNode() {
this = MkExternalApiNode(result.(Sink).getApiName())
}
@@ -97,3 +103,6 @@ class ExternalAPIUsedWithUntrustedData extends TExternalApi {
/** Gets a textual representation of this element. */
string toString() { this = MkExternalApiNode(result) }
}
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;


@@ -35,10 +35,13 @@ module ImproperCodeSanitization {
/**
* A call to `JSON.stringify()` seen as a source for improper code sanitization
*/
class JSONStringifyAsSource extends Source {
JSONStringifyAsSource() { this instanceof JsonStringifyCall }
class JsonStringifyAsSource extends Source {
JsonStringifyAsSource() { this instanceof JsonStringifyCall }
}
/** DEPRECATED: Alias for JsonStringifyAsSource */
deprecated class JSONStringifyAsSource = JsonStringifyAsSource;
/**
* A leaf in a string-concatenation, where the string-concatenation constructs code that looks like a function.
*/


@@ -47,16 +47,22 @@ module InsecureDownload {
/**
* A flow-label for file URLs that are both sensitive and downloaded over an insecure connection.
*/
class SensitiveInsecureURL extends DataFlow::FlowLabel {
SensitiveInsecureURL() { this = "sensitiveInsecure" }
class SensitiveInsecureUrl extends DataFlow::FlowLabel {
SensitiveInsecureUrl() { this = "sensitiveInsecure" }
}
/** DEPRECATED: Alias for SensitiveInsecureUrl */
deprecated class SensitiveInsecureURL = SensitiveInsecureUrl;
/**
* A flow-label for a URL that is downloaded over an insecure connection.
*/
class InsecureURL extends DataFlow::FlowLabel {
InsecureURL() { this = "insecure" }
class InsecureUrl extends DataFlow::FlowLabel {
InsecureUrl() { this = "insecure" }
}
/** DEPRECATED: Alias for InsecureUrl */
deprecated class InsecureURL = InsecureUrl;
}
/**
@@ -72,10 +78,10 @@ module InsecureDownload {
}
override DataFlow::FlowLabel getALabel() {
result instanceof Label::InsecureURL
result instanceof Label::InsecureUrl
or
hasUnsafeExtension(str) and
result instanceof Label::SensitiveInsecureURL
result instanceof Label::SensitiveInsecureUrl
}
}
@@ -106,21 +112,24 @@ module InsecureDownload {
* A url downloaded by a client-request, seen as a sink for download of
* sensitive file through insecure connection.
*/
class ClientRequestURL extends Sink {
class ClientRequestUrl extends Sink {
ClientRequest request;
ClientRequestURL() { this = request.getUrl() }
ClientRequestUrl() { this = request.getUrl() }
override DataFlow::Node getDownloadCall() { result = request }
override DataFlow::FlowLabel getALabel() {
result instanceof Label::SensitiveInsecureURL
result instanceof Label::SensitiveInsecureUrl
or
hasUnsafeExtension(request.getASavePath().getStringValue()) and
result instanceof Label::InsecureURL
result instanceof Label::InsecureUrl
}
}
/** DEPRECATED: Alias for ClientRequestUrl */
deprecated class ClientRequestURL = ClientRequestUrl;
/**
* Gets a node for the response from `request`, type-tracked using `t`.
*/
@@ -145,7 +154,7 @@ module InsecureDownload {
)
}
override DataFlow::FlowLabel getALabel() { result instanceof Label::InsecureURL }
override DataFlow::FlowLabel getALabel() { result instanceof Label::InsecureUrl }
override DataFlow::Node getDownloadCall() { result = request }
}


@@ -10,12 +10,12 @@ import javascript
import InsecureDownloadCustomizations::InsecureDownload
// Materialize flow labels
private class ConcreteSensitiveInsecureURL extends Label::SensitiveInsecureURL {
ConcreteSensitiveInsecureURL() { this = this }
private class ConcreteSensitiveInsecureUrl extends Label::SensitiveInsecureUrl {
ConcreteSensitiveInsecureUrl() { this = this }
}
private class ConcreteInsecureURL extends Label::InsecureURL {
ConcreteInsecureURL() { this = this }
private class ConcreteInsecureUrl extends Label::InsecureUrl {
ConcreteInsecureUrl() { this = this }
}
/**


@@ -30,13 +30,13 @@ module NosqlInjection {
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A source of remote user input, considered as a flow source for NoSQL injection. */
/** A source of remote user input, considered as a flow source for NoSql injection. */
class RemoteFlowSourceAsSource extends Source {
RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
}
/** An expression interpreted as a NoSQL query, viewed as a sink. */
/** An expression interpreted as a NoSql query, viewed as a sink. */
class NosqlQuerySink extends Sink, DataFlow::ValueNode {
override NoSQL::Query astNode;
override NoSql::Query astNode;
}
}
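Review bot: The rename also rewrote prose in this hunk: the two doc comments now read "NoSql injection" and "NoSql query", although NoSQL is the ordinary spelling of the term and only identifiers need the PascalCase form. I would keep `/** A source of remote user input, considered as a flow source for NoSQL injection. */` and `/** An expression interpreted as a NoSQL query, viewed as a sink. */`. The identifier casing is also uneven here, with `NoSql::Query` sitting next to `NosqlQuerySink` and `module NosqlInjection`; picking one form would make the sink model easier to search for.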


@@ -44,7 +44,7 @@ class Configuration extends TaintTracking::Configuration {
// additional flow step to track taint through NoSQL query objects
inlbl = TaintedObject::label() and
outlbl = TaintedObject::label() and
exists(NoSQL::Query query, DataFlow::SourceNode queryObj |
exists(NoSql::Query query, DataFlow::SourceNode queryObj |
queryObj.flowsToExpr(query) and
queryObj.flowsTo(trg) and
src = queryObj.getAPropertyWrite().getRhs()


@@ -101,11 +101,11 @@ class ClientSideRemoteFlowKind extends string {
* `name` and `address` of global variable `user` should be considered as remote flow sources with
* source type "user input".
*/
private class RemoteFlowSourceAccessPath extends JSONString {
private class RemoteFlowSourceAccessPath extends JsonString {
string sourceType;
RemoteFlowSourceAccessPath() {
exists(JSONObject specs |
exists(JsonObject specs |
specs.isTopLevel() and
this.getFile().getBaseName() = "codeql-javascript-remote-flow-sources.json" and
this = specs.getPropValue(sourceType).getElementValue(_) and


@@ -139,17 +139,20 @@ module UnsafeHtmlConstruction {
/**
* A string-concatenation of HTML, where the result is used as an XSS sink.
*/
class HTMLConcatenationSink extends XssSink, StringOps::HtmlConcatenationLeaf {
HTMLConcatenationSink() { isUsedInXssSink(xssSink) = this.getRoot() }
class HtmlConcatenationSink extends XssSink, StringOps::HtmlConcatenationLeaf {
HtmlConcatenationSink() { isUsedInXssSink(xssSink) = this.getRoot() }
override string describe() { result = "HTML construction" }
}
/** DEPRECATED: Alias for HtmlConcatenationSink */
deprecated class HTMLConcatenationSink = HtmlConcatenationSink;
/**
* A string parsed as XML, which is later used in an XSS sink.
*/
class XMLParsedSink extends XssSink {
XMLParsedSink() {
class XmlParsedSink extends XssSink {
XmlParsedSink() {
exists(XML::ParserInvocation parser |
this.asExpr() = parser.getSourceArgument() and
isUsedInXssSink(xssSink) = parser.getAResult()
@@ -159,6 +162,9 @@ module UnsafeHtmlConstruction {
override string describe() { result = "XML parsing" }
}
/** DEPRECATED: Alias for XmlParsedSink */
deprecated class XMLParsedSink = XmlParsedSink;
/**
* A string rendered as markdown, where the rendering preserves HTML.
*/
@@ -166,7 +172,7 @@ module UnsafeHtmlConstruction {
MarkdownSink() {
exists(DataFlow::Node pred, DataFlow::Node succ, Markdown::MarkdownStep step |
step.step(pred, succ) and
step.preservesHTML() and
step.preservesHtml() and
this = pred and
succ = isUsedInXssSink(xssSink)
)


@@ -199,7 +199,7 @@ module UnsafeJQueryPlugin {
DataFlow::PropRead finalRead
|
hasDefaultOption(plugin, defaultDef) and
defaultDef = getALikelyHTMLWrite(finalRead.getPropertyName()) and
defaultDef = getALikelyHtmlWrite(finalRead.getPropertyName()) and
finalRead.flowsTo(sink) and
sink.getTopLevel() = plugin.getTopLevel()
)
@@ -209,7 +209,7 @@ module UnsafeJQueryPlugin {
* Gets a property-write that writes a HTML-like constant string to `prop`.
*/
pragma[noinline]
private DataFlow::PropWrite getALikelyHTMLWrite(string prop) {
private DataFlow::PropWrite getALikelyHtmlWrite(string prop) {
exists(string default |
result.getRhs().mayHaveStringValue(default) and
default.regexpMatch("\\s*<.*") and


@@ -88,8 +88,8 @@ module Shared {
* A sanitizer guard that checks for the existence of HTML chars in a string.
* E.g. `/["'&<>]/.exec(str)`.
*/
class ContainsHTMLGuard extends SanitizerGuard, StringOps::RegExpTest {
ContainsHTMLGuard() {
class ContainsHtmlGuard extends SanitizerGuard, StringOps::RegExpTest {
ContainsHtmlGuard() {
exists(RegExpCharacterClass regExp |
regExp = this.getRegExp() and
forall(string s | s = ["\"", "&", "<", ">"] | regExp.getAMatchedString() = s)
@@ -101,10 +101,13 @@ module Shared {
}
}
/** DEPRECATED: Alias for ContainsHtmlGuard */
deprecated class ContainsHTMLGuard = ContainsHtmlGuard;
/**
* Holds if `str` is used in a switch-case that has cases matching HTML escaping.
*/
private predicate isUsedInHTMLEscapingSwitch(Expr str) {
private predicate isUsedInHtmlEscapingSwitch(Expr str) {
exists(SwitchStmt switch |
// "\"".charCodeAt(0) == 34, "&".charCodeAt(0) == 38, "<".charCodeAt(0) == 60
forall(int c | c = [34, 38, 60] | c = switch.getACase().getExpr().getIntValue()) and
@@ -133,7 +136,7 @@ module Shared {
* The `pragma[noinline]` is to avoid materializing a cartesian product.
*/
pragma[noinline]
private SsaVariable getAPathEscapedInSwitch() { isUsedInHTMLEscapingSwitch(result.getAUse()) }
private SsaVariable getAPathEscapedInSwitch() { isUsedInHtmlEscapingSwitch(result.getAUse()) }
/**
* An expression that is sanitized by a switch-case.
@@ -257,11 +260,11 @@ module DomBasedXss {
class DomSink extends Sink {
DomSink() {
// Call to a DOM function that inserts its argument into the DOM
any(DomMethodCallExpr call).interpretsArgumentsAsHTML(this.asExpr())
any(DomMethodCallExpr call).interpretsArgumentsAsHtml(this.asExpr())
or
// Assignment to a dangerous DOM property
exists(DomPropWriteNode pw |
pw.interpretsValueAsHTML() and
pw.interpretsValueAsHtml() and
this = DataFlow::valueNode(pw.getRhs())
)
or
@@ -302,7 +305,7 @@ module DomBasedXss {
class DangerouslySetInnerHtmlSink extends Sink, DataFlow::ValueNode {
DangerouslySetInnerHtmlSink() {
exists(DataFlow::Node danger, DataFlow::SourceNode valueSrc |
exists(JSXAttribute attr |
exists(JsxAttribute attr |
attr.getName() = "dangerouslySetInnerHTML" and
attr.getValue() = danger.asExpr()
)
@@ -323,7 +326,7 @@ module DomBasedXss {
*/
class TooltipSink extends Sink {
TooltipSink() {
exists(JSXElement el |
exists(JsxElement el |
el.getAttributeByName("data-html").getStringValue() = "true" or
el.getAttributeByName("data-html").getValue().mayHaveBooleanValue(true)
|
@@ -446,7 +449,7 @@ module DomBasedXss {
)
}
private class ContainsHTMLGuard extends SanitizerGuard, Shared::ContainsHTMLGuard { }
private class ContainsHtmlGuard extends SanitizerGuard, Shared::ContainsHtmlGuard { }
}
/** Provides classes and predicates for the reflected XSS query. */
@@ -555,7 +558,7 @@ module ReflectedXss {
private class QuoteGuard extends SanitizerGuard, Shared::QuoteGuard { }
private class ContainsHTMLGuard extends SanitizerGuard, Shared::ContainsHTMLGuard { }
private class ContainsHtmlGuard extends SanitizerGuard, Shared::ContainsHtmlGuard { }
}
/** Provides classes and predicates for the stored XSS query. */
@@ -595,7 +598,7 @@ module StoredXss {
private class QuoteGuard extends SanitizerGuard, Shared::QuoteGuard { }
private class ContainsHTMLGuard extends SanitizerGuard, Shared::ContainsHTMLGuard { }
private class ContainsHtmlGuard extends SanitizerGuard, Shared::ContainsHtmlGuard { }
}
/** Provides classes and predicates for the XSS through DOM query. */


@@ -88,8 +88,8 @@ module XssThroughDom {
/**
* A source for text from the DOM from a DOM property read or call to `getAttribute()`.
*/
class DOMTextSource extends Source {
DOMTextSource() {
class DomTextSource extends Source {
DomTextSource() {
exists(DataFlow::PropRead read | read = this |
read.getBase().getALocalSource() = DOM::domValueRef() and
read.mayHavePropertyName(unsafeDomPropertyName())
@@ -103,6 +103,9 @@ module XssThroughDom {
}
}
/** DEPRECATED: Alias for DomTextSource */
deprecated class DOMTextSource = DomTextSource;
/**
* A test of form `typeof x === "something"`, preventing `x` from being a string in some cases.
*
@@ -149,7 +152,7 @@ module XssThroughDom {
*/
class FormikSource extends Source {
FormikSource() {
exists(JSXElement elem |
exists(JsxElement elem |
formik().getAPropertyRead("Formik").flowsToExpr(elem.getNameExpr())
|
this =
@@ -176,7 +179,7 @@ module XssThroughDom {
*/
class ReactFinalFormSource extends Source {
ReactFinalFormSource() {
exists(JSXElement elem |
exists(JsxElement elem |
DataFlow::moduleMember("react-final-form", "Form").flowsToExpr(elem.getNameExpr())
|
this =