mirror of
https://github.com/github/codeql.git
synced 2026-05-01 03:35:13 +02:00
Merge pull request #8422 from erik-krogh/depMore
JS: Address some code that weren't affecting any query result
This commit is contained in:
Erik Krogh Kristensen
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated.
|
||||
The documentation for each predicate points to an alternative.
|
||||
@@ -249,8 +249,9 @@ class VarUse extends ControlFlowNode, @varref {
|
||||
/**
|
||||
* Holds if the definition of `v` in `def` reaches `use` along some control flow path
|
||||
* without crossing another definition of `v`.
|
||||
* DEPRECATED: Use the `SSA.qll` library instead.
|
||||
*/
|
||||
predicate definitionReaches(Variable v, VarDef def, VarUse use) {
|
||||
deprecated predicate definitionReaches(Variable v, VarDef def, VarUse use) {
|
||||
v = use.getVariable() and
|
||||
exists(BasicBlock bb, int i, int next | next = nextDefAfter(bb, v, i, def) |
|
||||
exists(int j | j in [i + 1 .. next - 1] | bb.useAt(j, v, use))
|
||||
@@ -265,16 +266,20 @@ predicate definitionReaches(Variable v, VarDef def, VarUse use) {
|
||||
/**
|
||||
* Holds if the definition of local variable `v` in `def` reaches `use` along some control flow path
|
||||
* without crossing another definition of `v`.
|
||||
* DEPRECATED: Use the `SSA.qll` library instead.
|
||||
*/
|
||||
predicate localDefinitionReaches(LocalVariable v, VarDef def, VarUse use) {
|
||||
deprecated predicate localDefinitionReaches(LocalVariable v, VarDef def, VarUse use) {
|
||||
exists(SsaExplicitDefinition ssa |
|
||||
ssa.defines(def, v) and
|
||||
ssa = getAPseudoDefinitionInput*(use.getSsaVariable().getDefinition())
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if `nd` is a pseudo-definition and the result is one of its inputs. */
|
||||
private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) {
|
||||
/**
|
||||
* Holds if `nd` is a pseudo-definition and the result is one of its inputs.
|
||||
* DEPRECATED: Use the `SSA.qll` library instead.
|
||||
*/
|
||||
deprecated private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) {
|
||||
result = nd.(SsaPseudoDefinition).getAnInput()
|
||||
}
|
||||
|
||||
@@ -282,7 +287,7 @@ private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) {
|
||||
* Holds if `d` is a definition of `v` at index `i` in `bb`, and the result is the next index
|
||||
* in `bb` after `i` at which the same variable is defined, or `bb.length()` if there is none.
|
||||
*/
|
||||
private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
|
||||
deprecated private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
|
||||
bb.defAt(i, v, d) and
|
||||
result =
|
||||
min(int jj |
|
||||
@@ -296,8 +301,9 @@ private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
|
||||
*
|
||||
* This is the case if there is a path from `earlier` to `later` that does not cross
|
||||
* another definition of `v`.
|
||||
* DEPRECATED: Use the `SSA.qll` library instead.
|
||||
*/
|
||||
predicate localDefinitionOverwrites(LocalVariable v, VarDef earlier, VarDef later) {
|
||||
deprecated predicate localDefinitionOverwrites(LocalVariable v, VarDef earlier, VarDef later) {
|
||||
exists(BasicBlock bb, int i, int next | next = nextDefAfter(bb, v, i, earlier) |
|
||||
bb.defAt(next, v, later)
|
||||
or
|
||||
|
||||
@@ -1718,5 +1718,5 @@ module DataFlow {
|
||||
import TypeTracking
|
||||
import internal.FunctionWrapperSteps
|
||||
|
||||
predicate localTaintStep = TaintTracking::localTaintStep/2;
|
||||
deprecated predicate localTaintStep = TaintTracking::localTaintStep/2;
|
||||
}
|
||||
|
||||
@@ -429,9 +429,10 @@ module TaintTracking {
|
||||
|
||||
/**
|
||||
* Holds if `pred -> succ` is a taint propagating data flow edge through a string operation.
|
||||
* DEPRECATED: Use `stringConcatenationStep` and `stringManipulationStep` instead.
|
||||
*/
|
||||
pragma[inline]
|
||||
predicate stringStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
deprecated predicate stringStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
stringConcatenationStep(pred, succ) or
|
||||
stringManipulationStep(pred, succ)
|
||||
}
|
||||
@@ -1242,8 +1243,9 @@ module TaintTracking {
|
||||
|
||||
/**
|
||||
* Holds if taint propagates from `pred` to `succ` in one local (intra-procedural) step.
|
||||
* DEPRECATED: Use `TaintTracking::sharedTaintStep` and `DataFlow::Node::getALocalSource()` instead.
|
||||
*/
|
||||
predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
deprecated predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
DataFlow::localFlowStep(pred, succ) or
|
||||
sharedTaintStep(pred, succ)
|
||||
}
|
||||
|
||||
@@ -32,15 +32,22 @@ predicate isLocation(Expr e) {
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use DOM::documentRef() instead.
|
||||
* Gets a reference to the 'document' object.
|
||||
*/
|
||||
DataFlow::SourceNode document() { result = DOM::documentRef() }
|
||||
deprecated DataFlow::SourceNode document() { result = DOM::documentRef() }
|
||||
|
||||
/** Holds if `e` could refer to the `document` object. */
|
||||
predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) }
|
||||
/**
|
||||
* DEPRECATED: Use DOM::documentRef() instead.
|
||||
* Holds if `e` could refer to the `document` object.
|
||||
*/
|
||||
deprecated predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) }
|
||||
|
||||
/** Holds if `e` could refer to the document URL. */
|
||||
predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
|
||||
/**
|
||||
* DEPRECATED: Use DOM::locationSource() instead.
|
||||
* Holds if `e` could refer to the document URL.
|
||||
*/
|
||||
deprecated predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
|
||||
|
||||
/** DEPRECATED: Alias for isDocumentUrl */
|
||||
deprecated predicate isDocumentURL = isDocumentUrl/1;
|
||||
|
||||
@@ -26,6 +26,11 @@ class Configuration extends TaintTracking::Configuration {
|
||||
guard instanceof TaintedObject::SanitizerGuard
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
super.isSanitizer(node) or
|
||||
node instanceof Sanitizer
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(
|
||||
DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
|
||||
) {
|
||||
|
||||
@@ -19,6 +19,11 @@ class Configuration extends DataFlow::Configuration {
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
|
||||
|
||||
override predicate isBarrier(DataFlow::Node node) {
|
||||
super.isBarrier(node) or
|
||||
node instanceof Sanitizer
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
|
||||
exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput())
|
||||
or
|
||||
|
||||
@@ -31,4 +31,9 @@ class Configuration extends DataFlow::Configuration {
|
||||
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
|
||||
sink.(Sink).getALabel() = label
|
||||
}
|
||||
|
||||
override predicate isBarrier(DataFlow::Node node) {
|
||||
super.isBarrier(node) or
|
||||
node instanceof Sanitizer
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,6 +34,8 @@ module UnvalidatedDynamicMethodCall {
|
||||
|
||||
/**
|
||||
* A sanitizer for unvalidated dynamic method calls.
|
||||
* Override the `sanitizes` predicate to specify an edge that should be sanitized.
|
||||
* The `this` value is not seen as a sanitizer.
|
||||
*/
|
||||
abstract class Sanitizer extends DataFlow::Node {
|
||||
abstract predicate sanitizes(DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl);
|
||||
|
||||
@@ -38,7 +38,11 @@ class Configuration extends TaintTracking::Configuration {
|
||||
sink.(Sink).getFlowLabel() = label
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node nd) { super.isSanitizer(nd) }
|
||||
override predicate isSanitizerEdge(
|
||||
DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel lbl
|
||||
) {
|
||||
any(Sanitizer s).sanitizes(pred, succ, lbl)
|
||||
}
|
||||
|
||||
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
|
||||
guard instanceof NumberGuard or
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
import javascript
|
||||
|
||||
/** An identifier appearing in a defining position. */
|
||||
class DefiningIdentifier extends Identifier {
|
||||
/**
|
||||
* DEPRECATED: Use `SsaDefinition` from `SSA.qll` instead.
|
||||
* An identifier appearing in a defining position.
|
||||
*/
|
||||
deprecated class DefiningIdentifier extends Identifier {
|
||||
DefiningIdentifier() {
|
||||
this instanceof VarDecl or
|
||||
exists(Assignment assgn | this = assgn.getLhs()) or
|
||||
|
||||
@@ -23,6 +23,11 @@ module ResourceExhaustion {
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
super.isSanitizer(node) or
|
||||
node instanceof Sanitizer
|
||||
}
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) {
|
||||
isNumericFlowStep(src, dst)
|
||||
or
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_AccessorMethods(AccessorMethodDefinition amd) { any() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassDefinition_getName(ClassDefinition cd, string res) { res = cd.getName() }
|
||||
@@ -1,5 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassDefinition_getSuperClass(ClassDefinition cd, Expr res) {
|
||||
res = cd.getSuperClass()
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassDefinitions(ClassDefinition cd) { any() }
|
||||
@@ -1,17 +0,0 @@
|
||||
import javascript
|
||||
|
||||
class Configuration extends DataFlow::Configuration {
|
||||
Configuration() { this = "ClassDataFlowTestingConfig" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
source.getEnclosingExpr().(StringLiteral).getValue().toLowerCase() = "source"
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() = sink
|
||||
}
|
||||
}
|
||||
|
||||
query predicate dataflow(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
any(Configuration c).hasFlow(pred, succ)
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassNodeConstructor(DataFlow::ClassNode class_, DataFlow::FunctionNode res) {
|
||||
res = class_.getConstructor()
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassNodeInstanceMethod(
|
||||
DataFlow::ClassNode class_, string name, DataFlow::FunctionNode res
|
||||
) {
|
||||
res = class_.getInstanceMethod(name)
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ClassNodeStaticMethod(
|
||||
DataFlow::ClassNode class_, string name, DataFlow::FunctionNode res
|
||||
) {
|
||||
res = class_.getStaticMethod(name)
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ComputedMethods(MethodDefinition md) { md.isComputed() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_ConstructorDefinitions(ConstructorDefinition cd) { any() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_FieldInits(FieldDefinition field, Expr res) { res = field.getInit() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_Fields(FieldDefinition field, Expr res) { res = field.getNameExpr() }
|
||||
@@ -1,7 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_MethodDefinitions(
|
||||
MethodDefinition md, Expr res0, FunctionExpr res1, ClassDefinition res2
|
||||
) {
|
||||
res0 = md.getNameExpr() and res1 = md.getBody() and res2 = md.getDeclaringClass()
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_MethodNames(MethodDefinition md, string res) { res = md.getName() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_NewTargetExpr(NewTargetExpr e) { any() }
|
||||
@@ -1,6 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query string getAccessModifier(DataFlow::PropRef ref, Expr prop) {
|
||||
prop = ref.getPropertyNameExpr() and
|
||||
if ref.isPrivateField() then result = "Private" else result = "Public"
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_StaticMethods(MethodDefinition md) { md.isStatic() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_SuperExpr(SuperExpr s) { any() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_SyntheticConstructors(ConstructorDefinition cd) { cd.isSynthetic() }
|
||||
@@ -1,3 +0,0 @@
|
||||
import javascript
|
||||
|
||||
query predicate test_getAMember(ClassDefinition c, MemberDeclaration res) { res = c.getAMember() }
|
||||
@@ -1,35 +1,30 @@
|
||||
| classes.js:1:1:2:1 | class Foo {\\n} | classes.js:4:1:4:3 | Foo |
|
||||
| classes.js:7:5:8:5 | class L ... {\\n } | classes.js:10:5:10:12 | LocalFoo |
|
||||
| es2015.js:1:10:1:11 | fn | es2015.js:2:3:2:4 | fn |
|
||||
| es2015.js:5:16:5:16 | i | es2015.js:5:32:5:32 | i |
|
||||
| es2015.js:5:16:5:16 | i | es2015.js:5:34:5:34 | i |
|
||||
| es2015modules.js:1:10:1:12 | foo | es2015modules.js:4:3:4:5 | foo |
|
||||
| es2015modules.js:1:15:1:24 | bar as baz | es2015modules.js:6:3:6:5 | baz |
|
||||
| es2015modules.js:10:10:10:13 | quux | es2015modules.js:7:3:7:6 | quux |
|
||||
| es2015modules.js:15:17:15:17 | f | es2015modules.js:12:1:12:1 | f |
|
||||
| es2015modules.js:16:25:16:25 | g | es2015modules.js:13:1:13:1 | g |
|
||||
| fundecls.js:3:12:3:12 | f | fundecls.js:4:3:4:3 | f |
|
||||
| fundecls.js:9:10:9:10 | s | fundecls.js:7:1:7:1 | s |
|
||||
| fundecls.js:12:12:12:12 | f | fundecls.js:10:3:10:3 | f |
|
||||
| fundecls.js:18:12:18:12 | f | fundecls.js:17:3:17:3 | f |
|
||||
| fundecls.js:23:12:23:12 | f | fundecls.js:24:3:24:3 | f |
|
||||
| fundecls.js:34:12:34:12 | f | fundecls.js:35:3:35:3 | f |
|
||||
| fundecls.js:39:11:39:11 | x | fundecls.js:40:7:40:7 | x |
|
||||
| fundecls.js:41:14:41:14 | f | fundecls.js:45:3:45:3 | f |
|
||||
| fundecls.js:43:14:43:14 | f | fundecls.js:45:3:45:3 | f |
|
||||
| fundecls.js:48:11:48:11 | x | fundecls.js:50:7:50:7 | x |
|
||||
| tst.js:1:12:1:12 | o | tst.js:3:12:3:12 | o |
|
||||
| tst.js:1:12:1:12 | o | tst.js:5:16:5:16 | o |
|
||||
| tst.js:2:9:2:14 | y = 23 | tst.js:8:17:8:17 | y |
|
||||
| tst.js:2:17:2:21 | i = 0 | tst.js:4:5:4:5 | i |
|
||||
| tst.js:2:17:2:21 | i = 0 | tst.js:7:6:7:6 | i |
|
||||
| tst.js:4:3:4:5 | ++i | tst.js:4:5:4:5 | i |
|
||||
| tst.js:4:3:4:5 | ++i | tst.js:7:6:7:6 | i |
|
||||
| tst.js:5:11:5:11 | z | tst.js:6:7:6:7 | z |
|
||||
| tst.js:5:11:5:11 | z | tst.js:8:14:8:14 | z |
|
||||
| tst.js:7:4:7:6 | --i | tst.js:7:6:7:6 | i |
|
||||
| tst.js:12:2:12:7 | x = 42 | tst.js:14:9:14:9 | x |
|
||||
| tst.js:19:11:19:11 | x | tst.js:18:9:18:9 | x |
|
||||
| tst.js:23:6:23:23 | {a = b, c = d} = e | tst.js:24:2:24:2 | a |
|
||||
| tst.js:23:6:23:23 | {a = b, c = d} = e | tst.js:24:6:24:6 | c |
|
||||
| tst.js:26:11:26:11 | a | tst.js:27:2:27:2 | a |
|
||||
| classes.js:7:5:8:5 | def@7:5 | classes.js:10:5:10:12 | LocalFoo |
|
||||
| es2015.js:1:10:1:11 | def@1:10 | es2015.js:2:3:2:4 | fn |
|
||||
| es2015.js:5:16:5:16 | def@5:16 | es2015.js:5:32:5:32 | i |
|
||||
| es2015.js:5:16:5:16 | def@5:16 | es2015.js:5:34:5:34 | i |
|
||||
| es2015modules.js:1:10:1:12 | def@1:10 | es2015modules.js:4:3:4:5 | foo |
|
||||
| es2015modules.js:1:15:1:24 | def@1:15 | es2015modules.js:6:3:6:5 | baz |
|
||||
| es2015modules.js:10:10:10:13 | def@10:10 | es2015modules.js:7:3:7:6 | quux |
|
||||
| es2015modules.js:15:17:15:17 | def@15:17 | es2015modules.js:12:1:12:1 | f |
|
||||
| es2015modules.js:16:25:16:25 | def@16:25 | es2015modules.js:13:1:13:1 | g |
|
||||
| fundecls.js:3:12:3:12 | def@3:12 | fundecls.js:4:3:4:3 | f |
|
||||
| fundecls.js:12:12:12:12 | def@12:12 | fundecls.js:10:3:10:3 | f |
|
||||
| fundecls.js:18:12:18:12 | def@18:12 | fundecls.js:17:3:17:3 | f |
|
||||
| fundecls.js:23:12:23:12 | def@23:12 | fundecls.js:24:3:24:3 | f |
|
||||
| fundecls.js:27:2:27:2 | implicitInit@27:2 | fundecls.js:28:3:28:3 | f |
|
||||
| fundecls.js:34:12:34:12 | def@34:12 | fundecls.js:35:3:35:3 | f |
|
||||
| fundecls.js:39:11:39:11 | def@39:11 | fundecls.js:40:7:40:7 | x |
|
||||
| fundecls.js:45:3:45:3 | phi@45:3 | fundecls.js:45:3:45:3 | f |
|
||||
| fundecls.js:48:11:48:11 | def@48:11 | fundecls.js:50:7:50:7 | x |
|
||||
| tst.js:1:12:1:12 | def@1:12 | tst.js:3:12:3:12 | o |
|
||||
| tst.js:1:12:1:12 | def@1:12 | tst.js:5:16:5:16 | o |
|
||||
| tst.js:2:9:2:14 | def@2:9 | tst.js:8:17:8:17 | y |
|
||||
| tst.js:3:2:3:2 | phi@3:2 | tst.js:4:5:4:5 | i |
|
||||
| tst.js:5:2:5:2 | phi@5:2 | tst.js:7:6:7:6 | i |
|
||||
| tst.js:5:2:5:2 | phi@5:2 | tst.js:8:14:8:14 | z |
|
||||
| tst.js:5:11:5:11 | def@5:11 | tst.js:6:7:6:7 | z |
|
||||
| tst.js:12:2:12:7 | def@12:2 | tst.js:14:9:14:9 | x |
|
||||
| tst.js:19:11:19:11 | def@19:11 | tst.js:18:9:18:9 | x |
|
||||
| tst.js:23:6:23:23 | def@23:6 | tst.js:24:2:24:2 | a |
|
||||
| tst.js:23:6:23:23 | def@23:6 | tst.js:24:6:24:6 | c |
|
||||
| tst.js:26:11:26:11 | def@26:11 | tst.js:27:2:27:2 | a |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import javascript
|
||||
|
||||
from VarDef def, VarUse use
|
||||
where definitionReaches(_, def, use)
|
||||
from SsaVariable def, VarUse use
|
||||
where def.getAUse() = use
|
||||
select def, use
|
||||
|
||||
Reference in New Issue
Block a user