JS: recognize defensive expressions for null/undefined

2026-04-29 18:55:14 +02:00 · 2018-10-10 14:58:10 +02:00
parent 2b6ef24bc2
commit a2ecf40878
1 changed files with 56 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/DefensiveProgramming.qll
+++ b/javascript/ql/src/semmle/javascript/DefensiveProgramming.qll
@@ -128,4 +128,60 @@ module Internal {

  }

+  /**
+   * Holds if `t` is `null` or `undefined`.
+   */
+  private predicate isNullOrUndefined(InferredType t) {
+    t = TTNull() or
+    t = TTUndefined()
+  }
+
+  /**
+   * Holds if `t` is not `null` or `undefined`.
+   */
+  private predicate isNotNullOrUndefined(InferredType t) {
+    not isNullOrUndefined(t)
+  }
+
+  /**
+   * A value comparison for `null` and `undefined`.
+   */
+  private class NullUndefinedComparison extends UndefinedNullTest {
+
+    Expr operand;
+
+    InferredType op2type;
+
+    NullUndefinedComparison() {
+      exists (Expr op2 |
+        hasOperands(operand, op2) |
+        op2type = TTNull() and SyntacticConstants::isNull(op2)
+        or
+        op2type = TTUndefined() and SyntacticConstants::isUndefined(op2)
+      )
+    }
+
+    override boolean getTheTestResult() {
+      result = getPolarity() and
+      (
+        if this instanceof StrictEqualityTest then
+          operand.analyze().getTheType() = op2type
+        else
+          not isNotNullOrUndefined(operand.analyze().getAType())
+      )
+      or
+      result = getPolarity().booleanNot() and
+      (
+        if this instanceof StrictEqualityTest then
+          not operand.analyze().getAType() = op2type
+        else
+          not isNullOrUndefined(operand.analyze().getAType())
+      )
+    }
+
+    override Expr getOperand() {
+      result = operand
+    }
+  }
+
 }