add support for the change-case library

2026-05-02 04:05:14 +02:00 · 2021-07-12 13:37:06 +02:00
parent db4c8dfd3c
commit a5d1325d3f
4 changed files with 27 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/StringFormatters.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/StringFormatters.qll
@@ -103,3 +103,18 @@ private class LibraryFormatter extends PrintfStyleCall {

  override predicate returnsFormatted() { returns = true }
 }
+
+/**
+ * A taint step through a case changing function.
+ */
+private class CaseChangingStep extends TaintTracking::SharedTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(DataFlow::SourceNode callee, DataFlow::CallNode call |
+      callee = DataFlow::moduleMember("change-case", _)
+    |
+      call = callee.getACall() and
+      pred = call.getArgument(0) and
+      succ = call
+    )
+  }
+}
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -35,6 +35,7 @@ typeInferenceMismatch
 | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x |
 | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() |
 | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x |
+| case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) |
 | closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) |
 | closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) |
 | closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) |
--- a/javascript/ql/test/library-tests/TaintTracking/case.js
+++ b/javascript/ql/test/library-tests/TaintTracking/case.js
@@ -0,0 +1,7 @@
+function foo() {
+  let source = source();
+  
+  const changeCase = require("change-case");
+  sink(changeCase.camelCase(source)); // NOT OK
+
+}