hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13737 from asgerf/dynamic/fuzzy-models

Browse Source 
Dynamic: add Fuzzy token
This commit is contained in:
Asger F
2023-08-03 09:58:24 +02:00
committed by GitHub
parent 89aa86a1d6 da3eb28767
commit c38cbe859d
17 changed files with 316 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
javascript/ql/test/library-tests/frameworks/data/test.expected
View File

@@ -66,6 +66,14 @@ taintFlow
| test.js:231:59:231:66 | source() | test.js:231:59:231:66 | source() |
| test.js:232:59:232:66 | source() | test.js:232:59:232:66 | source() |
| test.js:233:59:233:66 | source() | test.js:233:59:233:66 | source() |
| test.js:237:21:237:28 | source() | test.js:237:21:237:28 | source() |
| test.js:238:25:238:32 | source() | test.js:238:25:238:32 | source() |
| test.js:239:27:239:34 | source() | test.js:239:27:239:34 | source() |
| test.js:241:17:241:24 | source() | test.js:241:17:241:24 | source() |
| test.js:244:33:244:40 | source() | test.js:244:33:244:40 | source() |
| test.js:249:28:249:35 | source() | test.js:249:28:249:35 | source() |
| test.js:252:15:252:22 | source() | test.js:252:15:252:22 | source() |
| test.js:254:32:254:39 | source() | test.js:254:32:254:39 | source() |
isSink
| test.js:54:18:54:25 | source() | test-sink |
| test.js:55:22:55:29 | source() | test-sink |
@@ -136,6 +144,14 @@ isSink
| test.js:231:59:231:66 | source() | test-sink |
| test.js:232:59:232:66 | source() | test-sink |
| test.js:233:59:233:66 | source() | test-sink |
| test.js:237:21:237:28 | source() | test-sink |
| test.js:238:25:238:32 | source() | test-sink |
| test.js:239:27:239:34 | source() | test-sink |
| test.js:241:17:241:24 | source() | test-sink |
| test.js:244:33:244:40 | source() | test-sink |
| test.js:249:28:249:35 | source() | test-sink |
| test.js:252:15:252:22 | source() | test-sink |
| test.js:254:32:254:39 | source() | test-sink |
syntaxErrors
| Member[foo |
| Member[foo] .Member[bar] |

24
javascript/ql/test/library-tests/frameworks/data/test.js
View File

@@ -232,3 +232,27 @@ function typeVars() {
testlib.typevar.left.x.getThis().getThis().right.mySink(source()); // NOT OK
testlib.typevar.left.x.right.getThis().getThis().mySink(source()); // NOT OK
}
function fuzzy() {
testlib.fuzzyCall(source()); // NOT OK
testlib.foo.fuzzyCall(source()); // NOT OK
testlib.foo().fuzzyCall(source()); // NOT OK
new testlib.Blah().foo.bar(async p => {
p.fuzzyCall(source()); // NOT OK
p.otherCall(source()); // OK
p.fuzzyCall().laterMethod(source()); // OK
(await p.promise).fuzzyCall(source()); // NOT OK
});
const wrapped = _.partial(testlib.foo, [123]);
wrapped().fuzzyCall(source()); // NOT OK [INCONSISTENCY] - API graphs do not currently propagate return values through partial invocation
wrapped(p => p.fuzzyCall(source())); // NOT OK
const wrappedSink = _.partial(testlib.fuzzyCall);
wrappedSink(source()); // NOT OK
_.partial(testlib.fuzzyCall, source()); // NOT OK
fuzzyCall(source()); // OK - does not come from 'testlib'
require('blah').fuzzyCall(source()); // OK - does not come from 'testlib'
}

1
javascript/ql/test/library-tests/frameworks/data/test.ql
View File

@@ -54,6 +54,7 @@ class Sinks extends ModelInput::SinkModelCsv {
"testlib;Member[typevar].TypeVar[ABC].Member[mySink].Argument[0];test-sink",
"testlib;Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1];test-sink",
"testlib;Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0];test-sink",
"testlib;Fuzzy.Member[fuzzyCall].Argument[0];test-sink"
]
}
}