hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

cleanup and refactor of promise case based on code-review

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-10-02 15:49:25 +02:00
parent 0b48999718
commit 92623a3e32
1 changed files with 1 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/Statements/UseOfReturnlessFunction.ql
View File

@@ -88,13 +88,8 @@ predicate callBlacklist(DataFlow::CallNode call) {
// anonymous one-shot closure. Those are used in weird ways and we ignore them.
call.asExpr() = any(ImmediatelyInvokedFunctionExpr f).getInvocation() or
// Calls on "this" tend to overloaded. So future overloads might start returning something.
call.asExpr().(MethodCallExpr).getReceiver() instanceof ThisExpr or
// similarly, methods received through parameters might later receive new dataflow. We have just only seen one callee.
call.getCalleeNode().getALocalSource() instanceof DataFlow::ParameterNode or
// arguments to Promise.resolve (and promise library variants) are benign.
exists(MethodCallExpr e | e.getCalleeName() = "resolve" and call.asExpr() = e.getArgument(0))
call = any(ResolvedPromiseDefinition promise).getValue()
}
from DataFlow::CallNode call