QL code and tests for C#/C++/JavaScript.

2026-04-30 19:26:02 +02:00 · 2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
--- a/javascript/ql/src/LanguageFeatures/Eval.ql
+++ b/javascript/ql/src/LanguageFeatures/Eval.ql
@@ -0,0 +1,44 @@
+/**
+ * @name Use of eval
+ * @description The 'eval' function and the 'Function' constructor execute strings as code. This is dangerous and impedes
+ *              program analysis and understanding. Consequently, these two functions should not be used.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id js/eval-call
+ * @tags maintainability
+ *       language-features
+ *       external/cwe/cwe-676
+ * @precision medium
+ */
+
+import javascript
+
+/**
+ * A call to `new Function(...)`.
+ */
+class NewFunction extends DataFlow::NewNode {
+  NewFunction() {
+    this = DataFlow::globalVarRef("Function").getAnInvocation()
+  }
+}
+
+/**
+ * A call to `eval`.
+ */
+class EvalCall extends DataFlow::CallNode {
+  EvalCall() {
+    this = DataFlow::globalVarRef("eval").getACall()
+  }
+}
+
+/**
+ * A call to `new Function(...)` or `eval`.
+ */
+class EvalUse extends DataFlow::Node {
+  EvalUse() {
+    this instanceof NewFunction or this instanceof EvalCall
+  }
+}
+
+from EvalUse eval
+select eval, "Do not use eval or the Function constructor."