hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15768 from asgerf/js/amd-pseudo-deps

Browse Source 
JS: Do not treat AMD pseudo-dependencies as imports
This commit is contained in:
Asger F
2024-03-13 12:49:17 +01:00
committed by GitHub
parent adefdfd59f 853397361f
commit c5a02dae2b
2 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
javascript/ql/lib/semmle/javascript/AMD.qll
View File

@@ -61,7 +61,13 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
}
/** Gets the `i`th dependency of this module definition. */
PathExpr getDependency(int i) { result = this.getDependencies().getElement(i) }
PathExpr getDependency(int i) {
exists(Expr expr |
expr = this.getDependencies().getElement(i) and
not isPseudoDependency(expr.getStringValue()) and
result = expr
)
}
/** Gets a dependency of this module definition. */
PathExpr getADependency() {
@@ -102,9 +108,10 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
/**
* Holds if `p` is the parameter corresponding to dependency `dep`.
*/
predicate dependencyParameter(PathExpr dep, Parameter p) {
predicate dependencyParameter(Expr dep, Parameter p) {
exists(int i |
dep = this.getDependency(i) and
// Note: to avoid spurious recursion, do not depend on PathExpr here
dep = this.getDependencies().getElement(i) and
p = this.getFactoryParameter(i)
)
}
@@ -122,9 +129,9 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
* `dep1` and `dep2`.
*/
Parameter getDependencyParameter(string name) {
exists(PathExpr dep |
exists(Expr dep |
this.dependencyParameter(dep, result) and
dep.getValue() = name
name = dep.getStringValue()
)
}
@@ -202,11 +209,15 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
}
}
private predicate isPseudoDependency(string s) { s = ["exports", "require", "module"] }
/** An AMD dependency, considered as a path expression. */
private class AmdDependencyPath extends PathExprCandidate {
AmdDependencyPath() {
exists(AmdModuleDefinition amd |
this = amd.getDependencies().getAnElement() or
this = amd.getDependencies().getAnElement() and
not isPseudoDependency(this.getStringValue())
or
this = amd.getARequireCall().getAnArgument()
)
}