hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add parameters of server functions as remote flow sources

Browse Source
This commit is contained in:
Asger F
2025-06-23 15:57:11 +02:00
parent d9f4e4a90d
commit cc1a28ac7e
4 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
javascript/ql/lib/semmle/javascript/frameworks/React.qll
View File

@@ -875,3 +875,22 @@ private class ReactPropAsViewComponentInput extends ViewComponentInput {
override string getSourceType() { result = "React props" }
}
private predicate isServerFunction(DataFlow::FunctionNode func) {
exists(Directive::UseServerDirective useServer |
useServer.getContainer() = func.getFunction()
or
useServer.getContainer().(Module).getAnExportedValue(_).getAFunctionValue() = func
)
}
private class ServerFunctionRemoteFlowSource extends RemoteFlowSource {
ServerFunctionRemoteFlowSource() {
exists(DataFlow::FunctionNode func |
isServerFunction(func) and
this = func.getAParameter()
)
}
override string getSourceType() { result = "React server function parameter" }
}