hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main

Browse Source
This commit is contained in:
Asger F
2024-11-26 15:36:16 +01:00
parent d52bc971b8 c2e9dca1de
commit 82d61e4194
25 changed files with 404 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
View File

@@ -17,6 +17,7 @@ legacyDataFlowDifference
| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library |
| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library |
| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | only flow with OLD data flow library |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library |
| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library |
@@ -109,7 +110,6 @@ flow
| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() |
| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x |
| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint |
| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x |
| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x |

2
javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
View File

@@ -11,6 +11,7 @@ legacyDataFlowDifference
| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library |
| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library |
| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | only flow with OLD data flow library |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library |
| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library |
@@ -84,7 +85,6 @@ flow
| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() |
| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x |
| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint |
| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint |
| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x |
| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x |

2
javascript/ql/test/library-tests/TaintTracking/capture-flow.js
View File

@@ -120,7 +120,7 @@ global.doEscape(testEscapeViaReturn(source()));
function ordering() {
var orderingTaint;
global.addEventListener('click', () => {
sink(orderingTaint); // NOT OK
sink(orderingTaint); // NOT OK [INCONSISTENCY]
});
global.addEventListener('load', () => {
orderingTaint = source();

81
javascript/ql/test/library-tests/TripleDot/exceptions.js Normal file
View File

@@ -0,0 +1,81 @@
import 'dummy';
function e1() {
let array = [source('e1.1')];
try {
array.forEach(x => {
throw x;
});
array.forEach(x => {
throw source('e1.2');
});
array.forEach(() => {
throw source('e1.3'); // Same as e1.2 but without callback parameters
});
} catch (err) {
sink(err); // $ hasValueFlow=e1.2 hasValueFlow=e1.3 hasValueFlow=e1.1
}
}
function e2() {
let array = [source('e2.1')];
try {
array.unknown(x => {
throw x;
});
array.unknown(x => {
throw source('e2.2');
});
} catch (err) {
sink(err); // $ hasValueFlow=e2.2
}
}
function e3() {
const events = getSomething();
try {
events.addEventListener('click', () =>{
throw source('e3.1');
});
events.addListener('click', () =>{
throw source('e3.2');
});
events.on('click', () =>{
throw source('e3.3');
});
events.unknownMethod('click', () =>{
throw source('e3.4');
});
} catch (err) {
sink(err); // $ hasValueFlow=e3.4
}
}
function e4() {
function thrower(array) {
array.forEach(x => { throw x });
}
try {
thrower([source("e4.1")]);
} catch (e) {
sink(e); // $ hasValueFlow=e4.1
}
try {
thrower(["safe"]);
} catch (e) {
sink(e);
}
}
async function e5() {
try {
Promise.resolve(0).finally(() => {
throw source("e5.1");
});
await Promise.resolve(0).finally(() => {
throw source("e5.2");
});
} catch (e) {
sink(e); // $ hasValueFlow=e5.2
}
}

82
javascript/ql/test/library-tests/TripleDot/iife.js Normal file
View File

@@ -0,0 +1,82 @@
function f1() {
function inner(x) {
return (function(p) {
return p; // argument to return
})(x);
}
sink(inner(source("f1.1"))); // $ hasValueFlow=f1.1
sink(inner(source("f1.2"))); // $ hasValueFlow=f1.2
}
function f2() {
function inner(x) {
let y;
(function(p) {
y = p; // parameter to captured variable
})(x);
return y;
}
sink(inner(source("f2.1"))); // $ hasValueFlow=f2.1
sink(inner(source("f2.2"))); // $ hasValueFlow=f2.2
}
function f3() {
function inner(x) {
return (function() {
return x; // captured variable to return
})();
}
sink(inner(source("f3.1"))); // $ hasValueFlow=f3.1
sink(inner(source("f3.2"))); // $ hasValueFlow=f3.2
}
function f4() {
function inner(x) {
let y;
(function() {
y = x; // captured variable to captured variable
})();
return y;
}
sink(inner(source("f4.1"))); // $ hasValueFlow=f4.1
sink(inner(source("f4.2"))); // $ hasValueFlow=f4.2
}
function f5() {
function inner(x) {
let y;
function nested(p) {
y = p;
}
nested(x);
return y;
}
sink(inner(source("f5.1"))); // $ hasValueFlow=f5.1
sink(inner(source("f5.2"))); // $ hasValueFlow=f5.2
}
function f6() {
function inner(x) {
let y;
function nested(p) {
y = p;
}
(nested)(x); // same as f5, except the callee is parenthesised here
return y;
}
sink(inner(source("f6.1"))); // $ hasValueFlow=f6.1
sink(inner(source("f6.2"))); // $ hasValueFlow=f6.2
}
function f7() {
function inner(x) {
let y;
let nested = (function (p) {
y = p;
});
nested(x); // same as f5, except the function definition is parenthesised
return y;
}
sink(inner(source("f7.1"))); // $ hasValueFlow=f7.1
sink(inner(source("f7.2"))); // $ hasValueFlow=f7.2
}