hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Typeahead

Browse Source
This commit is contained in:
Asger Feldthaus
2020-03-28 10:05:48 +00:00
parent 9ee81cb115
commit ade75793dd
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/src/semmle/javascript/frameworks/Typeahead.qll
View File

@@ -126,11 +126,13 @@ module Typeahead {
/**
* A taint step that models that a function in the `source` of typeahead.js is used to determine the input to the suggestion function.
*/
private class TypeaheadSourceTaintStep extends TypeaheadSource, TaintTracking::AdditionalTaintStep {
private class TypeaheadSourceTaintStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
// Matches `$(...).typeahead({..}, {source: function(q, cb) {..;cb(<pred>);..}, templates: { suggestion: function(<succ>) {} } })`.
pred = this.getAFunctionValue().getParameter([1 .. 2]).getACall().getAnArgument() and
succ = this.getASuggestion()
exists(TypeaheadSource typeahead |
pred = typeahead.getAFunctionValue().getParameter([1 .. 2]).getACall().getAnArgument() and
succ = typeahead.getASuggestion()
)
}
}
}