hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor of benignContext predicate based on code review

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-10-02 11:22:52 +02:00
parent cdde8aea58
commit bda37b6d6f
3 changed files with 28 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
javascript/ql/src/Statements/UseOfReturnlessFunction.ql
View File

@@ -37,35 +37,36 @@ predicate benignContext(Expr e) {
or
exists(ConditionalExpr cond | cond.getABranch() = e and benignContext(cond))
or
exists(BinaryExpr bin | (bin.getOperator() = "&&" or bin.getOperator() = "||") and bin.getAnOperand() = e and benignContext(bin))
exists(LogicalBinaryExpr bin | bin.getAnOperand() = e and benignContext(bin))
or
exists(SeqExpr parent | parent.getAnOperand() = e and benignContext(parent))
exists(SeqExpr seq, int i, int n | e = seq.getOperand(i) and n = seq.getNumOperands() |
i < n - 1 or benignContext(seq)
)
or
exists(ParExpr par | par.getExpression() = e and benignContext(par))
exists(Expr parent | parent.getUnderlyingValue() = e and benignContext(parent))
or
exists(TypeAssertion assert | assert.getExpression() = e and inVoidContext(assert))
or
exists(UnaryExpr unOp | unOp.getOperator() = "void" and unOp.getOperand() = e)
or
// It is ok (or to be flagged by another query?) to await a non-async function.
exists(AwaitExpr await | await.getOperand() = e)
or
// Avoid double reporting. It will always evaluate to false.
exists(IfStmt ifStmt | ifStmt.getCondition() = e)
or
// Avoid double reporting. `e` will always evaluate to undefined.
exists(Comparison binOp | binOp.getAnOperand() = e)
or
// Avoid double reporting of "The base expression of this property access is always undefined.".
exists(PropAccess ac | ac.getBase() = e)
exists(VoidExpr voidExpr | voidExpr.getOperand() = e)
or
// The call is only in a non-void context because it is in a lambda.
exists(ArrowFunctionExpr arrow |
arrow.getBody() = e
)
or
// It is ok (or to be flagged by another query?) to await a non-async function.
exists(AwaitExpr await | await.getOperand() = e and benignContext(await))
or
// Avoid double reporting with js/trivial-conditional
exists(IfStmt ifStmt | ifStmt.getCondition() = e)
or
// Avoid double reporting with js/comparison-between-incompatible-types
exists(Comparison binOp | binOp.getAnOperand() = e)
or
// Avoid double reporting with js/property-access-on-non-object
exists(PropAccess ac | ac.getBase() = e)
or
// Avoid double-reporting with unused local.
exists(VariableDeclarator v | v.getInit() = e and v.getBindingPattern().getVariable() instanceof UnusedLocal)
}