hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added modeling of underscore.string string to string functions.

Browse Source
This commit is contained in:
Napalys
2025-03-17 12:50:41 +01:00
parent e8b233f086
commit 9bca863e38
2 changed files with 37 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/lib/ext/underscore.string.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,map]", "Argument[0]", "ReturnValue", "taint"]

62
javascript/ql/test/library-tests/TripleDot/underscore.string.js
View File

@@ -1,35 +1,35 @@
var s = require("underscore.string");
function strToStr() {
sink(s.slugify(source("s1"))); // $ MISSING: hasTaintFlow=s1
sink(s.capitalize(source("s2"))); // $ MISSING: hasTaintFlow=s2
sink(s.decapitalize(source("s3"))); // $ MISSING: hasTaintFlow=s3
sink(s.clean(source("s4"))); // $ MISSING: hasTaintFlow=s4
sink(s.cleanDiacritics(source("s5"))); // $ MISSING: hasTaintFlow=s5
sink(s.swapCase(source("s6"))); // $ MISSING: hasTaintFlow=s6
sink(s.escapeHTML(source("s7"))); // $ MISSING: hasTaintFlow=s7
sink(s.unescapeHTML(source("s8"))); // $ MISSING: hasTaintFlow=s8
sink(s.wrap(source("s9"), {})); // $ MISSING: hasTaintFlow=s9
sink(s.dedent(source("s10"), " ")); // $ MISSING: hasTaintFlow=s10
sink(s.reverse(source("s11"))); // $ MISSING: hasTaintFlow=s11
sink(s.pred(source("s12"))); // $ MISSING: hasTaintFlow=s12
sink(s.succ(source("s13"))); // $ MISSING: hasTaintFlow=s13
sink(s.titleize(source("s14"))); // $ MISSING: hasTaintFlow=s14
sink(s.camelize(source("s15"))); // $ MISSING: hasTaintFlow=s15
sink(s.classify(source("s16"))); // $ MISSING: hasTaintFlow=s16
sink(s.underscored(source("s17"))); // $ MISSING: hasTaintFlow=s17
sink(s.dasherize(source("s18"))); // $ MISSING: hasTaintFlow=s18
sink(s.humanize(source("s19"))); // $ MISSING: hasTaintFlow=s19
sink(s.trim(source("s20"),"charsToStrim")); // $ MISSING: hasTaintFlow=s20
sink(s.ltrim(source("s21"),"charsToStrim")); // $ MISSING: hasTaintFlow=s21
sink(s.rtrim(source("s22"),"charsToStrim")); // $ MISSING: hasTaintFlow=s22
sink(s.truncate(source("s23"), 10)); // $ MISSING: hasTaintFlow=s23
sink(s.sprintf(source("s24"), 1.17)); // $ MISSING: hasTaintFlow=s24
sink(s.strRight(source("s25"), "pattern")); // $ MISSING: hasTaintFlow=s25
sink(s.strRightBack(source("s26"), "pattern")); // $ MISSING: hasTaintFlow=s26
sink(s.strLeft(source("s27"), "pattern")); // $ MISSING: hasTaintFlow=s27
sink(s.strLeftBack(source("s28"), "pattern")); // $ MISSING: hasTaintFlow=s28
sink(s.stripTags(source("s29"))); // $ MISSING: hasTaintFlow=s29
sink(s.unquote(source("s30"), "quote")); // $ MISSING: hasTaintFlow=s30
sink(s.map(source("s31"), (x) => {return x;})); // $ MISSING: hasTaintFlow=s31
sink(s.slugify(source("s1"))); // $ hasTaintFlow=s1
sink(s.capitalize(source("s2"))); // $ hasTaintFlow=s2
sink(s.decapitalize(source("s3"))); // $ hasTaintFlow=s3
sink(s.clean(source("s4"))); // $ hasTaintFlow=s4
sink(s.cleanDiacritics(source("s5"))); // $ hasTaintFlow=s5
sink(s.swapCase(source("s6"))); // $ hasTaintFlow=s6
sink(s.escapeHTML(source("s7"))); // $ hasTaintFlow=s7
sink(s.unescapeHTML(source("s8"))); // $ hasTaintFlow=s8
sink(s.wrap(source("s9"), {})); // $ hasTaintFlow=s9
sink(s.dedent(source("s10"), " ")); // $ hasTaintFlow=s10
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11
sink(s.pred(source("s12"))); // $ hasTaintFlow=s12
sink(s.succ(source("s13"))); // $ hasTaintFlow=s13
sink(s.titleize(source("s14"))); // $ hasTaintFlow=s14
sink(s.camelize(source("s15"))); // $ hasTaintFlow=s15
sink(s.classify(source("s16"))); // $ hasTaintFlow=s16
sink(s.underscored(source("s17"))); // $ hasTaintFlow=s17
sink(s.dasherize(source("s18"))); // $ hasTaintFlow=s18
sink(s.humanize(source("s19"))); // $ hasTaintFlow=s19
sink(s.trim(source("s20"),"charsToStrim")); // $ hasTaintFlow=s20
sink(s.ltrim(source("s21"),"charsToStrim")); // $ hasTaintFlow=s21
sink(s.rtrim(source("s22"),"charsToStrim")); // $ hasTaintFlow=s22
sink(s.truncate(source("s23"), 10)); // $ hasTaintFlow=s23
sink(s.sprintf(source("s24"), 1.17)); // $ hasTaintFlow=s24
sink(s.strRight(source("s25"), "pattern")); // $ hasTaintFlow=s25
sink(s.strRightBack(source("s26"), "pattern")); // $ hasTaintFlow=s26
sink(s.strLeft(source("s27"), "pattern")); // $ hasTaintFlow=s27
sink(s.strLeftBack(source("s28"), "pattern")); // $ hasTaintFlow=s28
sink(s.stripTags(source("s29"))); // $ hasTaintFlow=s29
sink(s.unquote(source("s30"), "quote")); // $ hasTaintFlow=s30
sink(s.map(source("s31"), (x) => {return x;})); // $ hasTaintFlow=s31
}