hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Use type tracking instead of tracked nodes in Express.

Browse Source
This commit is contained in:
Max Schaefer
2019-03-07 10:45:43 +00:00
parent 276f216ef9
commit 74db8b1979
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/semmle/javascript/frameworks/Electron.qll
View File

@@ -16,7 +16,7 @@ module Electron {
/**
* An instantiation of `BrowserWindow` or `BrowserView`.
*/
abstract private class NewBrowserObject extends BrowserObject, DataFlow::SourceNode {
abstract private class NewBrowserObject extends BrowserObject {
DataFlow::NewNode self;
NewBrowserObject() { this = self }
@@ -56,11 +56,20 @@ module Electron {
}
}
private DataFlow::SourceNode browserObject(DataFlow::TypeTracker t) {
t.start() and
result instanceof NewBrowserObject
or
exists(DataFlow::TypeTracker prev |
result = browserObject(prev).track(prev, t)
)
}
/**
* A data flow node whose value may originate from a browser object instantiation.
*/
private class BrowserObjectByFlow extends BrowserObject {
BrowserObjectByFlow() { any(NewBrowserObject nbo).flowsTo(this) }
BrowserObjectByFlow() { browserObject(_).flowsTo(this) }
}
/**