hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added modeling underscore.string array to string functions.

Browse Source
This commit is contained in:
Napalys
2025-03-17 12:55:53 +01:00
parent cd40b6f125
commit 6b105b2f49
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/lib/ext/underscore.string.model.yml
View File

@@ -5,3 +5,4 @@ extensions:
data:
- ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,map]", "Argument[0]", "ReturnValue", "taint"]
- ["'underscore.string'", "Member[chop,chars,words,lines]", "Argument[0]", "ReturnValue", "taint"]
- ["'underscore.string'", "Member[toSentence,toSentenceSerial]", "Argument[0].ArrayElement", "ReturnValue", "taint"]

4
javascript/ql/test/library-tests/TripleDot/underscore.string.js
View File

@@ -42,6 +42,6 @@ function strToArray() {
}
function arrayToStr() {
sink(s.toSentence([source("s1")])); // $ MISSING: hasTaintFlow=s1
sink(s.toSentenceSerial([source("s2")])); // $ MISSING: hasTaintFlow=s2
sink(s.toSentence([source("s1")])); // $ hasTaintFlow=s1
sink(s.toSentenceSerial([source("s2")])); // $ hasTaintFlow=s2
}