mirror of
https://github.com/github/codeql.git
synced 2026-05-01 19:55:15 +02:00
assume that all pipe elements that return something, return outputs
This commit is contained in:
Erik Krogh Kristensen
@@ -34,7 +34,8 @@ private DataFlow::Node pipeInput(DataFlow::CallNode pipe) {
|
||||
* the pipe.
|
||||
*/
|
||||
private DataFlow::Node pipeOutput(DataFlow::CallNode pipe) {
|
||||
pipe = DataFlow::moduleMember("rxjs/operators", "map").getACall() and
|
||||
// we assume if there is a return, it is an output.
|
||||
pipe = DataFlow::moduleMember("rxjs/operators", _).getACall() and
|
||||
result = pipe.getCallback(0).getReturnNode()
|
||||
or
|
||||
pipe = DataFlow::moduleMember("rxjs/operators", "filter").getACall() and
|
||||
|
||||
@@ -112,6 +112,8 @@ typeInferenceMismatch
|
||||
| rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x |
|
||||
| rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x |
|
||||
| rxjs.js:13:1:13:8 | source() | rxjs.js:22:14:22:17 | data |
|
||||
| rxjs.js:27:24:27:32 | source(x) | rxjs.js:29:23:29:23 | x |
|
||||
| rxjs.js:27:24:27:32 | source(x) | rxjs.js:34:14:34:17 | data |
|
||||
| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:14:10:14:14 | taint |
|
||||
| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:33:14:33:18 | taint |
|
||||
| sanitizer-guards.js:2:11:2:18 | source() | sanitizer-guards.js:4:8:4:8 | x |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { map, tap, catchError } from 'rxjs/operators';
|
||||
import { map, tap, catchError, switchMap, filter } from 'rxjs/operators';
|
||||
|
||||
source()
|
||||
.pipe(
|
||||
@@ -21,3 +21,15 @@ source()
|
||||
.subscribe(data => {
|
||||
sink(data)
|
||||
});
|
||||
|
||||
myIdentifier()
|
||||
.pipe(
|
||||
switchMap(x => source(x)),
|
||||
filter(x => myFilter(x)),
|
||||
tap(x => sink(x)),
|
||||
catchError(err => {}),
|
||||
map(x => x + 'foo')
|
||||
)
|
||||
.subscribe(data => {
|
||||
sink(data)
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user