hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Fix uses of TypeTracker with custom flow steps.

Browse Source 
These steps need to check that the type hasn't been tracked into a property.
This commit is contained in:
Max Schaefer
2019-03-28 10:33:04 +00:00
parent b2faac30c9
commit c097031c7e
3 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
View File

@@ -51,6 +51,7 @@ module SocketIO {
// exclude getter versions
exists(mcn.getAnArgument()) and
result = mcn and
t2.getProp() = "" and
t = t2
)
)
@@ -110,6 +111,7 @@ module SocketIO {
or
// invocation of a chainable method
result = pred.getAMethodCall(namespaceChainableMethod()) and
t2.getProp() = "" and
t = t2
or
// invocation of chainable getter method
@@ -119,6 +121,7 @@ module SocketIO {
m = "volatile"
|
result = pred.getAPropertyRead(m) and
t2.getProp() = "" and
t = t2
)
)
@@ -171,6 +174,7 @@ module SocketIO {
m = EventEmitter::chainableMethod()
|
result = pred.getAMethodCall(m) and
t2.getProp() = "" and
t = t2
)
or
@@ -182,6 +186,7 @@ module SocketIO {
m = "volatile"
|
result = pred.getAPropertyRead(m) and
t2.getProp() = "" and
t = t2
)
)