mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
Merge pull request #997 from asger-semmle/closure-promise
JS: model of closure Promises
This commit is contained in:
@@ -45,3 +45,57 @@ module Q {
|
||||
override DataFlow::FunctionNode getExecutor() { result = getCallback(0) }
|
||||
}
|
||||
}
|
||||
|
||||
private module ClosurePromise {
|
||||
/**
|
||||
* A promise created by a call `new goog.Promise(executor)`.
|
||||
*/
|
||||
private class ClosurePromiseDefinition extends PromiseDefinition, DataFlow::NewNode {
|
||||
ClosurePromiseDefinition() { this = Closure::moduleImport("goog.Promise").getACall() }
|
||||
|
||||
override DataFlow::FunctionNode getExecutor() { result = getCallback(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
* A promise created by a call `goog.Promise.resolve(value)`.
|
||||
*/
|
||||
private class ResolvedClosurePromiseDefinition extends ResolvedPromiseDefinition {
|
||||
ResolvedClosurePromiseDefinition() {
|
||||
this = Closure::moduleImport("goog.Promise.resolve").getACall()
|
||||
}
|
||||
|
||||
override DataFlow::Node getValue() { result = getArgument(0) }
|
||||
}
|
||||
|
||||
/**
|
||||
* Taint steps through closure promise methods.
|
||||
*/
|
||||
private class ClosurePromiseTaintStep extends TaintTracking::AdditionalTaintStep {
|
||||
DataFlow::Node pred;
|
||||
|
||||
ClosurePromiseTaintStep() {
|
||||
// static methods in goog.Promise
|
||||
exists (DataFlow::CallNode call, string name |
|
||||
call = Closure::moduleImport("goog.Promise." + name).getACall() and
|
||||
this = call and
|
||||
pred = call.getAnArgument()
|
||||
|
|
||||
name = "all" or
|
||||
name = "allSettled" or
|
||||
name = "firstFulfilled" or
|
||||
name = "race"
|
||||
)
|
||||
or
|
||||
// promise created through goog.promise.withResolver()
|
||||
exists (DataFlow::CallNode resolver |
|
||||
resolver = Closure::moduleImport("goog.Promise.withResolver").getACall() and
|
||||
this = resolver.getAPropertyRead("promise") and
|
||||
pred = resolver.getAMethodCall("resolve").getArgument(0)
|
||||
)
|
||||
}
|
||||
|
||||
override predicate step(DataFlow::Node src, DataFlow::Node dst) {
|
||||
src = pred and dst = this
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user