hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #885 from asger-semmle/async-waterfall

Browse Source 
Approved by xiemaisi
This commit is contained in:
semmle-qlci
2019-02-06 16:30:17 +00:00
committed by GitHub
parent 09825f28ed ddd72190cb
commit b13c11017c
4 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/semmle/javascript/frameworks/AsyncPackage.qll
View File

@@ -29,7 +29,10 @@ module AsyncPackage {
* A call to `async.waterfall`.
*/
class Waterfall extends DataFlow::InvokeNode {
Waterfall() { this = member("waterfall").getACall() }
Waterfall() {
this = member("waterfall").getACall() or
this = DataFlow::moduleImport("a-sync-waterfall").getACall()
}
/**
* Gets the array of tasks, if it can be found.

8
javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected
View File

@@ -3,6 +3,8 @@
| map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result |
| map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result |
| sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result |
| waterfall.js:7:30:7:37 | source() | waterfall.js:10:12:10:16 | taint |
| waterfall.js:7:30:7:37 | source() | waterfall.js:19:10:19:14 | taint |
| waterfall.js:27:18:27:25 | source() | waterfall.js:38:10:38:12 | err |
| waterfall.js:8:30:8:37 | source() | waterfall.js:11:12:11:16 | taint |
| waterfall.js:8:30:8:37 | source() | waterfall.js:20:10:20:14 | taint |
| waterfall.js:28:18:28:25 | source() | waterfall.js:39:10:39:12 | err |
| waterfall.js:46:22:46:29 | source() | waterfall.js:49:12:49:16 | taint |
| waterfall.js:46:22:46:29 | source() | waterfall.js:55:10:55:14 | taint |

16
javascript/ql/test/library-tests/frameworks/AsyncPackage/waterfall.js
View File

@@ -1,4 +1,5 @@
let async_ = require('async');
let waterfall = require('a-sync-waterfall');
var source, sink, somethingWrong;
@@ -39,3 +40,18 @@ async_.waterfall([
sink(safe); // OK
}
);
waterfall([
function(callback) {
callback(null, source());
},
function(taint, callback) {
sink(taint); // NOT OK
callback(null, taint);
}
],
function(err, taint) {
sink(err); // OK
sink(taint); // NOT OK
}
);