hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Check privacy earlier

Browse Source
This commit is contained in:
Asger F
2024-02-14 14:05:59 +01:00
parent 5c454944a9
commit a3dc19fd31
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/lib/semmle/javascript/endpoints/EndpointNaming.qll
View File

@@ -38,19 +38,21 @@ private string join(string x, string y) {
private predicate isPackageExport(API::Node node) { node = API::moduleExport(_) }
private predicate memberEdge(API::Node pred, API::Node succ) { succ = pred.getAMember() }
private predicate relevantEdge(API::Node pred, API::Node succ) {
succ = pred.getAMember() and
not isPrivateLike(succ)
}
/** Gets the shortest distance from a packaeg export to `nd` in the API graph. */
private int distanceFromPackageExport(API::Node nd) =
shortestDistances(isPackageExport/1, memberEdge/2)(_, nd, result)
shortestDistances(isPackageExport/1, relevantEdge/2)(_, nd, result)
private predicate isExported(API::Node node) {
isPackageExport(node)
or
exists(API::Node pred |
isExported(pred) and
memberEdge(pred, node) and
not isPrivateLike(node)
relevantEdge(pred, node)
)
}
@@ -81,6 +83,7 @@ private predicate isPrivateLike(API::Node node) { isPrivateAssignment(node.asSin
private API::Node getASuccessor(API::Node node, string name, int badness) {
isExported(node) and
isExported(result) and
exists(string member |
result = node.getMember(member) and
if member = "default"

3
javascript/ql/test/library-tests/EndpointNaming/EndpointNaming.expected
View File

@@ -1,5 +1,4 @@
testFailures
| pack11/index.ts:2:12:2:65 | // $ me ... .name.m | Missing result:method=(pack11).C1.publicField.really.long.name.m |
| pack11/index.ts:33:1:33:16 | | Unexpected result: method=(pack11).C3.privateField |
| pack11/index.ts:33:18:33:69 | // $ me ... ng.name | Missing result:method=(pack11).C3.publicField.really.long.name |
| pack11/index.ts:41:23:41:24 | | Unexpected result: alias=(pack11).C3.publicField.really.long.name==(pack11).C3.privateField |
@@ -7,6 +6,6 @@ ambiguousPreferredPredecessor
| pack2/lib.js:8:22:8:34 | def moduleImport("pack2").getMember("exports").getMember("lib").getMember("LibClass").getMember("foo") |
ambiguousSinkName
ambiguousClassObjectName
ambiguousClassInstanceName
failures
ambiguousClassInstanceName
ambiguousFunctionName