mirror of
https://github.com/github/codeql.git
synced 2026-04-29 10:45:15 +02:00
run the explicit-this patch on javascript/
This commit is contained in:
Erik Krogh Kristensen
committed by
erik-krogh
erik-krogh
parent
b398f968e2
commit
90bc8a5038
@@ -474,7 +474,7 @@ class FunctionNode extends DataFlow::ValueNode, DataFlow::SourceNode {
|
||||
|
||||
/** Gets the parameter named `name` of this function, if any. */
|
||||
DataFlow::ParameterNode getParameterByName(string name) {
|
||||
result = getAParameter() and
|
||||
result = this.getAParameter() and
|
||||
result.getName() = name
|
||||
}
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ private newtype TServiceReference =
|
||||
*/
|
||||
abstract class ServiceReference extends TServiceReference {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = getName() }
|
||||
string toString() { result = this.getName() }
|
||||
|
||||
/**
|
||||
* Gets the name of this reference.
|
||||
@@ -51,13 +51,13 @@ abstract class ServiceReference extends TServiceReference {
|
||||
/**
|
||||
* Gets a call that invokes the referenced service.
|
||||
*/
|
||||
DataFlow::CallNode getACall() { result.getCalleeNode() = getAnAccess() }
|
||||
DataFlow::CallNode getACall() { result.getCalleeNode() = this.getAnAccess() }
|
||||
|
||||
/**
|
||||
* Gets a method call that invokes method `methodName` on the referenced service.
|
||||
*/
|
||||
DataFlow::MethodCallNode getAMethodCall(string methodName) {
|
||||
result.getReceiver() = getAnAccess() and
|
||||
result.getReceiver() = this.getAnAccess() and
|
||||
result.getMethodName() = methodName
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ abstract class ServiceReference extends TServiceReference {
|
||||
* Gets an access to property `propertyName` on the referenced service.
|
||||
*/
|
||||
DataFlow::PropRef getAPropertyAccess(string propertyName) {
|
||||
result.getBase() = getAnAccess() and
|
||||
result.getBase() = this.getAnAccess() and
|
||||
result.getPropertyName() = propertyName
|
||||
}
|
||||
|
||||
@@ -244,17 +244,17 @@ abstract class RecipeDefinition extends DataFlow::CallNode, CustomServiceDefinit
|
||||
this = moduleRef(_).getAMethodCall(methodName) or
|
||||
this = builtinServiceRef("$provide").getAMethodCall(methodName)
|
||||
) and
|
||||
getArgument(0).mayHaveStringValue(name)
|
||||
this.getArgument(0).mayHaveStringValue(name)
|
||||
}
|
||||
|
||||
override string getName() { result = name }
|
||||
|
||||
override DataFlow::SourceNode getAFactoryFunction() { result.flowsTo(getArgument(1)) }
|
||||
override DataFlow::SourceNode getAFactoryFunction() { result.flowsTo(this.getArgument(1)) }
|
||||
|
||||
override DataFlow::Node getAnInjectableFunction() {
|
||||
methodName != "value" and
|
||||
methodName != "constant" and
|
||||
result = getAFactoryFunction()
|
||||
result = this.getAFactoryFunction()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -269,7 +269,7 @@ abstract class RecipeDefinition extends DataFlow::CallNode, CustomServiceDefinit
|
||||
*/
|
||||
abstract private class CustomSpecialServiceDefinition extends CustomServiceDefinition,
|
||||
DependencyInjection {
|
||||
override DataFlow::Node getAnInjectableFunction() { result = getAFactoryFunction() }
|
||||
override DataFlow::Node getAnInjectableFunction() { result = this.getAFactoryFunction() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -498,7 +498,9 @@ class InjectableFunctionServiceRequest extends ServiceRequestNode {
|
||||
/**
|
||||
* Gets a name of a requested service.
|
||||
*/
|
||||
string getAServiceName() { exists(getAnInjectedFunction().getADependencyDeclaration(result)) }
|
||||
string getAServiceName() {
|
||||
exists(this.getAnInjectedFunction().getADependencyDeclaration(result))
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a service with the specified name, relative to this request.
|
||||
@@ -576,7 +578,7 @@ class ServiceRecipeDefinition extends RecipeDefinition {
|
||||
*/
|
||||
|
||||
exists(InjectableFunction f |
|
||||
f = getAFactoryFunction() and
|
||||
f = this.getAFactoryFunction() and
|
||||
result = f.asFunction()
|
||||
)
|
||||
}
|
||||
@@ -589,7 +591,7 @@ class ServiceRecipeDefinition extends RecipeDefinition {
|
||||
class ValueRecipeDefinition extends RecipeDefinition {
|
||||
ValueRecipeDefinition() { methodName = "value" }
|
||||
|
||||
override DataFlow::SourceNode getAService() { result = getAFactoryFunction() }
|
||||
override DataFlow::SourceNode getAService() { result = this.getAFactoryFunction() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -599,7 +601,7 @@ class ValueRecipeDefinition extends RecipeDefinition {
|
||||
class ConstantRecipeDefinition extends RecipeDefinition {
|
||||
ConstantRecipeDefinition() { methodName = "constant" }
|
||||
|
||||
override DataFlow::SourceNode getAService() { result = getAFactoryFunction() }
|
||||
override DataFlow::SourceNode getAService() { result = this.getAFactoryFunction() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -622,7 +624,7 @@ class ProviderRecipeDefinition extends RecipeDefinition {
|
||||
*/
|
||||
|
||||
exists(DataFlow::ThisNode thiz, InjectableFunction f |
|
||||
f = getAFactoryFunction() and
|
||||
f = this.getAFactoryFunction() and
|
||||
thiz.getBinder() = f.asFunction() and
|
||||
result = thiz.getAPropertySource("$get")
|
||||
)
|
||||
@@ -647,7 +649,9 @@ class ConfigMethodDefinition extends ModuleApiCall {
|
||||
/**
|
||||
* Gets a provided configuration method.
|
||||
*/
|
||||
InjectableFunction getConfigMethod() { result.(DataFlow::SourceNode).flowsTo(getArgument(0)) }
|
||||
InjectableFunction getConfigMethod() {
|
||||
result.(DataFlow::SourceNode).flowsTo(this.getArgument(0))
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -660,12 +664,12 @@ class RunMethodDefinition extends ModuleApiCall {
|
||||
/**
|
||||
* Gets a provided run method.
|
||||
*/
|
||||
InjectableFunction getRunMethod() { result.(DataFlow::SourceNode).flowsTo(getArgument(0)) }
|
||||
InjectableFunction getRunMethod() { result.(DataFlow::SourceNode).flowsTo(this.getArgument(0)) }
|
||||
}
|
||||
|
||||
/**
|
||||
* The `$scope` or `$rootScope` service.
|
||||
*/
|
||||
class ScopeServiceReference extends BuiltinServiceReference {
|
||||
ScopeServiceReference() { getName() = "$scope" or getName() = "$rootScope" }
|
||||
ScopeServiceReference() { this.getName() = "$scope" or this.getName() = "$rootScope" }
|
||||
}
|
||||
|
||||
@@ -158,7 +158,9 @@ module Express {
|
||||
* This differs from `getARouteHandler` in that the argument expression is
|
||||
* returned, not its dataflow source.
|
||||
*/
|
||||
deprecated Expr getRouteHandlerExpr(int index) { result = getRouteHandlerNode(index).asExpr() }
|
||||
deprecated Expr getRouteHandlerExpr(int index) {
|
||||
result = this.getRouteHandlerNode(index).asExpr()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the `n`th handler registered by this setup, with 0 being the first.
|
||||
|
||||
@@ -114,13 +114,13 @@ module Firebase {
|
||||
class QueryListenCall extends DataFlow::MethodCallNode {
|
||||
QueryListenCall() {
|
||||
this = query().getAMethodCall() and
|
||||
(getMethodName() = "on" or getMethodName() = "once")
|
||||
(this.getMethodName() = "on" or this.getMethodName() = "once")
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the argument in which the callback is passed.
|
||||
*/
|
||||
DataFlow::Node getCallbackNode() { result = getArgument(1) }
|
||||
DataFlow::Node getCallbackNode() { result = this.getArgument(1) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -183,13 +183,13 @@ module Firebase {
|
||||
class RefBuilderListenCall extends DataFlow::MethodCallNode {
|
||||
RefBuilderListenCall() {
|
||||
this = ref().getAMethodCall() and
|
||||
getMethodName() = "on" + any(string s)
|
||||
this.getMethodName() = "on" + any(string s)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the data flow node holding the listener callback.
|
||||
*/
|
||||
DataFlow::Node getCallbackNode() { result = getArgument(0) }
|
||||
DataFlow::Node getCallbackNode() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -199,14 +199,14 @@ module Firebase {
|
||||
RouteSetup() { this = namespace().getAPropertyRead("https").getAMemberCall("onRequest") }
|
||||
|
||||
override DataFlow::SourceNode getARouteHandler() {
|
||||
result = getARouteHandler(DataFlow::TypeBackTracker::end())
|
||||
result = this.getARouteHandler(DataFlow::TypeBackTracker::end())
|
||||
}
|
||||
|
||||
private DataFlow::SourceNode getARouteHandler(DataFlow::TypeBackTracker t) {
|
||||
t.start() and
|
||||
result = getArgument(0).getALocalSource()
|
||||
result = this.getArgument(0).getALocalSource()
|
||||
or
|
||||
exists(DataFlow::TypeBackTracker t2 | result = getARouteHandler(t2).backtrack(t2, t))
|
||||
exists(DataFlow::TypeBackTracker t2 | result = this.getARouteHandler(t2).backtrack(t2, t))
|
||||
}
|
||||
|
||||
override DataFlow::Node getServer() { none() }
|
||||
|
||||
@@ -25,18 +25,18 @@ module Hapi {
|
||||
/**
|
||||
* Gets the parameter of the route handler that contains the request object.
|
||||
*/
|
||||
DataFlow::ParameterNode getRequestParameter() { result = getParameter(0) }
|
||||
DataFlow::ParameterNode getRequestParameter() { result = this.getParameter(0) }
|
||||
|
||||
/**
|
||||
* Gets the parameter of the route handler that contains the "request toolkit",
|
||||
* usually named `h`.
|
||||
*/
|
||||
DataFlow::ParameterNode getRequestToolkitParameter() { result = getParameter(1) }
|
||||
DataFlow::ParameterNode getRequestToolkitParameter() { result = this.getParameter(1) }
|
||||
|
||||
/**
|
||||
* Gets a source node referring to the request toolkit parameter, usually named `h`.
|
||||
*/
|
||||
DataFlow::SourceNode getRequestToolkit() { result = getRequestToolkitParameter() }
|
||||
DataFlow::SourceNode getRequestToolkit() { result = this.getRequestToolkitParameter() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -203,24 +203,24 @@ module Hapi {
|
||||
server.ref().getAMethodCall() = this and
|
||||
(
|
||||
// server.route({ handler: fun })
|
||||
getMethodName() = "route" and
|
||||
getOptionArgument(0, "handler") = handler
|
||||
this.getMethodName() = "route" and
|
||||
this.getOptionArgument(0, "handler") = handler
|
||||
or
|
||||
// server.ext('/', fun)
|
||||
getMethodName() = "ext" and
|
||||
handler = getArgument(1)
|
||||
this.getMethodName() = "ext" and
|
||||
handler = this.getArgument(1)
|
||||
)
|
||||
}
|
||||
|
||||
override DataFlow::SourceNode getARouteHandler() {
|
||||
result = getARouteHandler(DataFlow::TypeBackTracker::end())
|
||||
result = this.getARouteHandler(DataFlow::TypeBackTracker::end())
|
||||
}
|
||||
|
||||
private DataFlow::SourceNode getARouteHandler(DataFlow::TypeBackTracker t) {
|
||||
t.start() and
|
||||
result = getRouteHandler().getALocalSource()
|
||||
result = this.getRouteHandler().getALocalSource()
|
||||
or
|
||||
exists(DataFlow::TypeBackTracker t2 | result = getARouteHandler(t2).backtrack(t2, t))
|
||||
exists(DataFlow::TypeBackTracker t2 | result = this.getARouteHandler(t2).backtrack(t2, t))
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
@@ -268,9 +268,9 @@ module Hapi {
|
||||
|
||||
override DataFlow::SourceNode getOutput() { none() }
|
||||
|
||||
override DataFlow::Node getTemplateFileNode() { result = getArgument(0) }
|
||||
override DataFlow::Node getTemplateFileNode() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getTemplateParamsNode() { result = getArgument(1) }
|
||||
override DataFlow::Node getTemplateParamsNode() { result = this.getArgument(1) }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -56,7 +56,7 @@ module NestJS {
|
||||
*/
|
||||
predicate isReturnValueReflected() {
|
||||
getAFunctionDecorator(this) = nestjs().getMember(["Get", "Post"]).getACall() and
|
||||
not hasRedirectDecorator() and
|
||||
not this.hasRedirectDecorator() and
|
||||
not getAFunctionDecorator(this) = nestjs().getMember("Render").getACall()
|
||||
}
|
||||
|
||||
@@ -93,7 +93,7 @@ module NestJS {
|
||||
NestJSRequestInput() {
|
||||
decoratorName =
|
||||
["Query", "Param", "Headers", "Body", "HostParam", "UploadedFile", "UploadedFiles"] and
|
||||
decorator = getADecorator() and
|
||||
decorator = this.getADecorator() and
|
||||
decorator = nestjs().getMember(decoratorName).getACall()
|
||||
}
|
||||
|
||||
@@ -105,7 +105,7 @@ module NestJS {
|
||||
|
||||
/** Gets a pipe applied to this parameter, not including global pipes. */
|
||||
DataFlow::Node getAPipe() {
|
||||
result = getNestRouteHandler().getAPipe()
|
||||
result = this.getNestRouteHandler().getAPipe()
|
||||
or
|
||||
result = decorator.getArgument(1)
|
||||
or
|
||||
@@ -132,7 +132,7 @@ module NestJS {
|
||||
hasSanitizingPipe(this, false)
|
||||
or
|
||||
hasSanitizingPipe(this, true) and
|
||||
isSanitizingType(getParameter().getType().unfold())
|
||||
isSanitizingType(this.getParameter().getType().unfold())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -240,14 +240,14 @@ module NestJS {
|
||||
)
|
||||
}
|
||||
|
||||
DataFlow::FunctionNode getTransformFunction() { result = getInstanceMethod("transform") }
|
||||
DataFlow::FunctionNode getTransformFunction() { result = this.getInstanceMethod("transform") }
|
||||
|
||||
DataFlow::ParameterNode getInputData() { result = getTransformFunction().getParameter(0) }
|
||||
DataFlow::ParameterNode getInputData() { result = this.getTransformFunction().getParameter(0) }
|
||||
|
||||
DataFlow::Node getOutputData() { result = getTransformFunction().getReturnNode() }
|
||||
DataFlow::Node getOutputData() { result = this.getTransformFunction().getReturnNode() }
|
||||
|
||||
NestJSRequestInput getAnAffectedParameter() {
|
||||
[getAnInstanceReference(), getAClassReference()].flowsTo(result.getAPipe())
|
||||
[this.getAnInstanceReference(), this.getAClassReference()].flowsTo(result.getAPipe())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -297,16 +297,16 @@ module NestJS {
|
||||
private class NestJSRequestInputAsRequestInputAccess extends NestJSRequestInput,
|
||||
HTTP::RequestInputAccess {
|
||||
NestJSRequestInputAsRequestInputAccess() {
|
||||
not isSanitizedByPipe() and
|
||||
not this.isSanitizedByPipe() and
|
||||
not this = any(CustomPipeClass cls).getAnAffectedParameter()
|
||||
}
|
||||
|
||||
override HTTP::RouteHandler getRouteHandler() { result = getNestRouteHandler() }
|
||||
override HTTP::RouteHandler getRouteHandler() { result = this.getNestRouteHandler() }
|
||||
|
||||
override string getKind() { result = getInputKind() }
|
||||
override string getKind() { result = this.getInputKind() }
|
||||
|
||||
override predicate isUserControlledObject() {
|
||||
not exists(getAPipe()) and // value is not transformed by a pipe
|
||||
not exists(this.getAPipe()) and // value is not transformed by a pipe
|
||||
(
|
||||
decorator.getNumArgument() = 0
|
||||
or
|
||||
@@ -389,15 +389,15 @@ module NestJS {
|
||||
CustomParameterDecorator() { this = nestjs().getMember("createParamDecorator").getACall() }
|
||||
|
||||
/** Gets the `context` parameter. */
|
||||
API::Node getExecutionContext() { result = getParameter(0).getParameter(1) }
|
||||
API::Node getExecutionContext() { result = this.getParameter(0).getParameter(1) }
|
||||
|
||||
/** Gets a parameter with this decorator applied. */
|
||||
DataFlow::ParameterNode getADecoratedParameter() {
|
||||
result.getADecorator() = getReturn().getReturn().getAValueReachableFromSource()
|
||||
result.getADecorator() = this.getReturn().getReturn().getAValueReachableFromSource()
|
||||
}
|
||||
|
||||
/** Gets a value returned by the decorator's callback, which becomes the value of the decorated parameter. */
|
||||
DataFlow::Node getResult() { result = getParameter(0).getReturn().asSink() }
|
||||
DataFlow::Node getResult() { result = this.getParameter(0).getReturn().asSink() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -162,7 +162,7 @@ module Restify {
|
||||
server.ref().getAMethodCall(any(HTTP::RequestMethodName m).toLowerCase()) = this
|
||||
}
|
||||
|
||||
override DataFlow::SourceNode getARouteHandler() { result.flowsTo(getArgument(1)) }
|
||||
override DataFlow::SourceNode getARouteHandler() { result.flowsTo(this.getArgument(1)) }
|
||||
|
||||
override DataFlow::Node getServer() { result = server }
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user