JavaScript: Simplify NoSQL framework modelling.

2026-04-30 03:05:15 +02:00 · 2020-11-23 10:27:52 +00:00
parent b3ab6efd1d
commit 7a229d9381
1 changed files with 2 additions and 24 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
@@ -825,31 +825,9 @@ private module Redis {
  class RedisKeyArgument extends NoSQL::Query {
    RedisKeyArgument() {
      exists(string method, int argIndex |
-        QuerySignatures::argumentIsAmbiguousKey(method, argIndex)
-      |
-        this =
-          [promisify(redis().getMember(method)), redis().getMember(method)]
-              .getACall()
-              .getArgument(argIndex)
-              .asExpr()
+        QuerySignatures::argumentIsAmbiguousKey(method, argIndex) and
+        this = redis().getMember(method).getParameter(argIndex).getARhs().asExpr()
      )
    }
  }
-
-  /**
-   * Gets a promisified version of `method`.
-   */
-  private API::Node promisify(API::Node method) {
-    exists(API::Node promisify |
-      promisify = API::moduleImport(["util", "bluebird"]).getMember("promisify").getReturn() and
-      method
-          .getAnImmediateUse()
-          .flowsTo(promisify.getAnImmediateUse().(DataFlow::CallNode).getArgument(0))
-    |
-      result = promisify
-      or
-      result = promisify.getMember("bind").getReturn() and
-      result.getAnImmediateUse().(DataFlow::CallNode).getNumArgument() = 1
-    )
-  }
 }