@@ -181,7 +181,6 @@ and the CodeQL library pack ``codeql/javascript-all`` (`changelog <https://githu
|
||||
swig, templating language
|
||||
underscore, Utility library
|
||||
vue, HTML framework
|
||||
tanstack, Utility library
|
||||
|
||||
|
||||
Python built-in support
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added Library modeling for the `useQuery` hook from `@tanstack/react-query`.
|
||||
* Added support for the `useQuery` hook from `@tanstack/react-query`.
|
||||
|
||||
@@ -878,7 +878,7 @@ module ClientRequest {
|
||||
* An additional taint step that captures taint propagation from the receiver of fetch response methods
|
||||
* (such as "json", "text", "blob", and "arrayBuffer") to the call result.
|
||||
*/
|
||||
class FetchResponseStep extends TaintTracking::AdditionalTaintStep {
|
||||
private class FetchResponseStep extends TaintTracking::AdditionalTaintStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(DataFlow::MethodCallNode call |
|
||||
call.getMethodName() in ["json", "text", "blob", "arrayBuffer"] and
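Review bot: The visible condition in `FetchResponseStep.step` selects calls purely by method name (`call.getMethodName() in ["json", "text", "blob", "arrayBuffer"]`), so unless the rest of the predicate ties the receiver to a fetch response, taint will also propagate through unrelated `.text()` or `.json()` calls. The predicate body continues outside this hunk, so that constraint may already exist there. If it does not, the QLDoc should say so, e.g. `* Note: matches by method name only; the receiver is not checked to be a fetch response.`, so people triaging results know where extra flow can come from. `formData` is also a body-reading method on fetch responses and is missing from the list; consider adding it if the omission is not deliberate.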
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
/**
|
||||
* Provides an additional flow step that propagates data from the receiver of fetch response methods.
|
||||
*/
|
||||
|
||||
private import javascript
|
||||
|
||||
/**
|
||||
* An additional flow step that propagates data from the receiver of fetch response methods
|
||||
* (like "json", "text", "blob", and "arrayBuffer") to the call result.
|
||||
*/
|
||||
class Fetch extends DataFlow::AdditionalFlowStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(DataFlow::MethodCallNode call |
|
||||
call.getMethodName() in ["json", "text", "blob", "arrayBuffer"] and
|
||||
node1 = call.getReceiver() and
|
||||
node2 = call
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -8,7 +8,7 @@ private import javascript
|
||||
* An additional flow step that propagates data from the return value of the query function,
|
||||
* defined in a useQuery call from the '@tanstack/react-query' module, to the 'data' property.
|
||||
*/
|
||||
class TanstackStep extends DataFlow::AdditionalFlowStep {
|
||||
private class TanstackStep extends DataFlow::AdditionalFlowStep {
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
exists(API::CallNode useQuery |
|
||||
useQuery = useQueryCall() and
|
||||
@@ -21,6 +21,6 @@ class TanstackStep extends DataFlow::AdditionalFlowStep {
|
||||
/**
|
||||
* Retrieves a call node representing a useQuery invocation from the '@tanstack/react-query' module.
|
||||
*/
|
||||
API::CallNode useQueryCall() {
|
||||
private API::CallNode useQueryCall() {
|
||||
result = API::moduleImport("@tanstack/react-query").getMember("useQuery").getACall()
|
||||
}
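Review bot: `useQueryCall` resolves only `API::moduleImport("@tanstack/react-query")`, so code that still imports the hook under the package's earlier name `react-query` gets no flow step, and data fetched there will not reach sinks in the taint queries. If that scope is intended, state it in the QLDoc; otherwise `result = API::moduleImport(["@tanstack/react-query", "react-query"]).getMember("useQuery").getACall()` would cover both. The body of `TanstackStep.step` is only partly visible in these hunks, so I cannot tell whether the older package needs different handling of the `data` property.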
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
import { useQuery } from "@tanstack/react-query";
|
||||
export { useQuery}
|
||||
export { useQuery }
|
||||
|
||||