hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8450 from erik-krogh/importAs

Browse Source 
disallow lowercase import-as aliases
This commit is contained in:
Erik Krogh Kristensen
2022-03-16 11:32:37 +01:00
committed by GitHub
parent 37293141ee b0fc958b32
commit cd9d61c1fc
12 changed files with 79 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll
View File

@@ -4,7 +4,7 @@
* Configures boosting for adaptive threat modeling (ATM).
*/
private import javascript as raw
private import javascript as JS
import EndpointTypes
/**
@@ -37,14 +37,14 @@ abstract class AtmConfig extends string {
*
* Holds if `source` is a known source of flow.
*/
predicate isKnownSource(raw::DataFlow::Node source) { none() }
predicate isKnownSource(JS::DataFlow::Node source) { none() }
/**
* EXPERIMENTAL. This API may change in the future.
*
* Holds if `sink` is a known sink of flow.
*/
predicate isKnownSink(raw::DataFlow::Node sink) { none() }
predicate isKnownSink(JS::DataFlow::Node sink) { none() }
/**
* EXPERIMENTAL. This API may change in the future.
@@ -52,7 +52,7 @@ abstract class AtmConfig extends string {
* Holds if the candidate source `candidateSource` predicted by the machine learning model should be
* an effective source, i.e. one considered as a possible source of flow in the boosted query.
*/
predicate isEffectiveSource(raw::DataFlow::Node candidateSource) { none() }
predicate isEffectiveSource(JS::DataFlow::Node candidateSource) { none() }
/**
* EXPERIMENTAL. This API may change in the future.
@@ -60,7 +60,7 @@ abstract class AtmConfig extends string {
* Holds if the candidate sink `candidateSink` predicted by the machine learning model should be
* an effective sink, i.e. one considered as a possible sink of flow in the boosted query.
*/
predicate isEffectiveSink(raw::DataFlow::Node candidateSink) { none() }
predicate isEffectiveSink(JS::DataFlow::Node candidateSink) { none() }
/**
* EXPERIMENTAL. This API may change in the future.

3
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/AdaptiveThreatModeling.qll
View File

@@ -4,8 +4,7 @@
* Provides information about the results of boosted queries for use in adaptive threat modeling (ATM).
*/
private import javascript as raw
private import raw::DataFlow as DataFlow
private import javascript::DataFlow as DataFlow
import ATMConfig
private import BaseScoring
private import EndpointScoring as EndpointScoring

38
javascript/ql/lib/semmle/javascript/frameworks/XmlParsers.qll
View File

@@ -2,9 +2,9 @@
* Provides classes for working with XML parser APIs.
*/
private import javascript as js
private import js::DataFlow as DataFlow
private import js::API as API
private import javascript as JS
private import JS::DataFlow as DataFlow
private import JS::API as API
module XML {
/**
@@ -21,9 +21,9 @@ module XML {
/**
* A call to an XML parsing function.
*/
abstract class ParserInvocation extends js::InvokeExpr {
abstract class ParserInvocation extends JS::InvokeExpr {
/** Gets an argument to this call that is parsed as XML. */
abstract js::Expr getSourceArgument();
abstract JS::Expr getSourceArgument();
/** Holds if this call to the XML parser resolves entities of the given `kind`. */
abstract predicate resolvesEntities(EntityKind kind);
@@ -46,14 +46,14 @@ module XML {
)
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// internal entities are always resolved
kind = InternalEntity()
or
// other entities are only resolved if the configuration option `noent` is set to `true`
exists(js::Expr noent |
exists(JS::Expr noent |
hasOptionArgument(1, "noent", noent) and
noent.mayHaveBooleanValue(true)
)
@@ -121,7 +121,7 @@ module XML {
this = parser.getMember("parseString").getACall().asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// entities are resolved by default
@@ -144,7 +144,7 @@ module XML {
this = parser.getMember("push").getACall().asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// entities are resolved by default
@@ -167,7 +167,7 @@ module XML {
this = parser.getMember(["parse", "write"]).getACall().asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// only internal entities are resolved by default
@@ -193,7 +193,7 @@ module XML {
getArgument(1).mayHaveStringValue(any(string tp | tp.matches("%xml%")))
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) { kind = InternalEntity() }
@@ -215,7 +215,7 @@ module XML {
)
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) { any() }
}
@@ -225,10 +225,10 @@ module XML {
*/
private class GoogDomXmlParserInvocation extends XML::ParserInvocation {
GoogDomXmlParserInvocation() {
this.getCallee().(js::PropAccess).getQualifiedName() = "goog.dom.xml.loadXml"
this.getCallee().(JS::PropAccess).getQualifiedName() = "goog.dom.xml.loadXml"
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) { kind = InternalEntity() }
}
@@ -246,7 +246,7 @@ module XML {
)
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) {
// sax-js (the parser used) does not expand entities.
@@ -273,7 +273,7 @@ module XML {
this = parser.getAMemberCall("write").asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) {
// sax-js does not expand entities.
@@ -302,7 +302,7 @@ module XML {
.asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) {
// xml-js does not expand custom entities.
@@ -323,7 +323,7 @@ module XML {
this = parser.getReturn().getMember("write").getACall().asExpr()
}
override js::Expr getSourceArgument() { result = getArgument(0) }
override JS::Expr getSourceArgument() { result = getArgument(0) }
override predicate resolvesEntities(XML::EntityKind kind) {
// htmlparser2 does not expand entities.
@@ -341,7 +341,7 @@ module XML {
}
}
private class XmlParserTaintStep extends js::TaintTracking::SharedTaintStep {
private class XmlParserTaintStep extends JS::TaintTracking::SharedTaintStep {
override predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(XML::ParserInvocation parser |
pred.asExpr() = parser.getSourceArgument() and

8
javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
View File

@@ -13,13 +13,13 @@
* ```
*/
private import javascript as js
private import js::DataFlow as DataFlow
private import javascript as JS
private import JS::DataFlow as DataFlow
private import ApiGraphModels
class Unit = js::Unit;
class Unit = JS::Unit;
module API = js::API;
module API = JS::API;
import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPathSyntax
private import AccessPathSyntax