Merge pull request #4134 from erik-krogh/genCalls

Approved by asgerf
2026-04-28 18:25:24 +02:00 · 2020-09-02 14:23:39 +01:00
parent 5760213490 6cbdc7ad8f
commit c017308505
10 changed files with 113 additions and 5 deletions
--- a/javascript/ql/test/library-tests/Generators/DataFlow.expected
+++ b/javascript/ql/test/library-tests/Generators/DataFlow.expected
--- a/javascript/ql/test/library-tests/Generators/DataFlow.ql
+++ b/javascript/ql/test/library-tests/Generators/DataFlow.ql
@@ -0,0 +1,12 @@
+import javascript
+import testUtilities.ConsistencyChecking
+
+class GeneratorFlowConfig extends DataFlow::Configuration {
+  GeneratorFlowConfig() { this = "GeneratorFlowConfig" }
+
+  override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
+  }
+}
--- a/javascript/ql/test/library-tests/Generators/generators.js
+++ b/javascript/ql/test/library-tests/Generators/generators.js
@@ -0,0 +1,53 @@
+(function () {
+  var source = "source";
+  sink(source); // NOT OK
+
+  function *gen1() {
+    yield source;
+  }
+  for (const x of gen1()) {
+    sink(x); // NOT OK
+  }
+
+  function *gen2() {
+    yield "safe";
+    return source;
+  }
+  sink(gen2()); // OK
+
+  Array.from(gen1()).forEach(x => sink(x)); // NOT OK
+
+  function gen3() {
+    yield source;
+  }
+  Array.from(gen3()).forEach(x => sink(x)); // NOT OK
+
+  function *gen4() {
+    throw source;
+  }
+  try {
+    Array.from(gen4());
+  } catch (e) {
+    sink(e); // NOT OK
+  }
+
+  function *delegating() {
+    yield* delegate();
+  }
+
+  function *delegate() {
+    yield source;
+  }
+
+  Array.from(delegating()).forEach(x => sink(x)); // NOT OK
+
+  function *delegating2() {
+    yield* returnsTaint();
+  }
+
+  function returnsTaint() {
+    return source;
+  }
+
+  Array.from(delegating2()).forEach(x => sink(x)); // OK
+});