hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add DataFlow::SharedFlowStep to future-proof the tutorial

Browse Source
This commit is contained in:
Asger Feldthaus
2021-03-16 12:05:55 +00:00
parent d74e84abd8
commit a97d3452a7
2 changed files with 50 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
View File

@@ -72,6 +72,7 @@ private import javascript
private import internal.FlowSteps
private import internal.AccessPaths
private import internal.CallGraphs
private import internal.Unit
private import semmle.javascript.internal.CachedStages
/**
@@ -609,6 +610,54 @@ abstract class AdditionalFlowStep extends DataFlow::Node {
}
}
/**
* A data flow edge that should be added to all data flow configurations in
* addition to standard data flow edges.
*
* This class is a singleton, and thus subclasses do not need to specify a characteristic predicate.
*
* Note: For performance reasons, all subclasses of this class should be part
* of the standard library. Override `Configuration::isAdditionalFlowStep`
* for analysis-specific flow steps.
*/
class SharedFlowStep extends Unit {
/**
* Holds if `pred` → `succ` should be considered a data flow edge.
*/
predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
/**
* Holds if `pred` → `succ` should be considered a data flow edge
* transforming values with label `predlbl` to have label `succlbl`.
*/
predicate step(
DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
DataFlow::FlowLabel succlbl
) {
none()
}
}
/**
* Contributes subclasses of `SharedFlowStep` to `AdditionalFlowStep`.
*
* This is a placeholder until we migrate to the `SharedFlowStep` class and deprecate `AdditionalFlowStep`.
*/
private class SharedStepAsAdditionalFlowStep extends AdditionalFlowStep {
SharedStepAsAdditionalFlowStep() {
any(SharedFlowStep st).step(_, this) or
any(SharedFlowStep st).step(_, this, _, _)
}
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
any(SharedFlowStep st).step(pred, succ) and succ = this
}
override predicate step(DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) {
any(SharedFlowStep st).step(pred, succ, predlbl, succlbl) and succ = this
}
}
/**
* A collection of pseudo-properties that are used in multiple files.
*