mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
Merge branch 'main' into redundantImport
This commit is contained in:
Erik Krogh Kristensen
@@ -1,3 +1,12 @@
|
||||
## 0.1.0
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The following predicates on `API::Node` have been changed so as not to include the receiver. The receiver should now only be accessed via `getReceiver()`.
|
||||
- `getParameter(int i)` previously included the receiver when `i = -1`
|
||||
- `getAParameter()` previously included the receiver
|
||||
- `getLastParameter()` previously included the receiver for calls with no arguments
|
||||
|
||||
## 0.0.14
|
||||
|
||||
## 0.0.13
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
## 0.1.0
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The following predicates on `API::Node` have been changed so as not to include the receiver. The receiver should now only be accessed via `getReceiver()`.
|
||||
- `getParameter(int i)` previously included the receiver when `i = -1`
|
||||
- `getAParameter()` previously included the receiver
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.14
|
||||
lastReleaseVersion: 0.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.1.0-dev
|
||||
version: 0.1.1-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -383,8 +383,8 @@ module API {
|
||||
exists(Node pred, Label::ApiLabel lbl, string predpath |
|
||||
Impl::edge(pred, lbl, this) and
|
||||
predpath = pred.getAPath(length - 1) and
|
||||
exists(string space | if length = 1 then space = "" else space = " " |
|
||||
result = "(" + lbl + space + predpath + ")" and
|
||||
exists(string dot | if length = 1 then dot = "" else dot = "." |
|
||||
result = predpath + dot + lbl and
|
||||
// avoid producing strings longer than 1MB
|
||||
result.length() < 1000 * 1000
|
||||
)
|
||||
@@ -1330,22 +1330,22 @@ module API {
|
||||
/** Gets the EntryPoint associated with this label. */
|
||||
API::EntryPoint getEntryPoint() { result = e }
|
||||
|
||||
override string toString() { result = e }
|
||||
override string toString() { result = "getASuccessor(Label::entryPoint(\"" + e + "\"))" }
|
||||
}
|
||||
|
||||
/** A label that gets a promised value. */
|
||||
class LabelPromised extends ApiLabel, MkLabelPromised {
|
||||
override string toString() { result = "promised" }
|
||||
override string toString() { result = "getPromised()" }
|
||||
}
|
||||
|
||||
/** A label that gets a rejected promise. */
|
||||
class LabelPromisedError extends ApiLabel, MkLabelPromisedError {
|
||||
override string toString() { result = "promisedError" }
|
||||
override string toString() { result = "getPromisedError()" }
|
||||
}
|
||||
|
||||
/** A label that gets the return value of a function. */
|
||||
class LabelReturn extends ApiLabel, MkLabelReturn {
|
||||
override string toString() { result = "return" }
|
||||
override string toString() { result = "getReturn()" }
|
||||
}
|
||||
|
||||
/** A label for a module. */
|
||||
@@ -1357,12 +1357,13 @@ module API {
|
||||
/** Gets the module associated with this label. */
|
||||
string getMod() { result = mod }
|
||||
|
||||
override string toString() { result = "module " + mod }
|
||||
// moduleImport is not neccesarilly the predicate to use, but it's close enough for most cases.
|
||||
override string toString() { result = "moduleImport(\"" + mod + "\")" }
|
||||
}
|
||||
|
||||
/** A label that gets an instance from a `new` call. */
|
||||
class LabelInstance extends ApiLabel, MkLabelInstance {
|
||||
override string toString() { result = "instance" }
|
||||
override string toString() { result = "getInstance()" }
|
||||
}
|
||||
|
||||
/** A label for the member named `prop`. */
|
||||
@@ -1374,14 +1375,14 @@ module API {
|
||||
/** Gets the property associated with this label. */
|
||||
string getProperty() { result = prop }
|
||||
|
||||
override string toString() { result = "member " + prop }
|
||||
override string toString() { result = "getMember(\"" + prop + "\")" }
|
||||
}
|
||||
|
||||
/** A label for a member with an unknown name. */
|
||||
class LabelUnknownMember extends ApiLabel, MkLabelUnknownMember {
|
||||
LabelUnknownMember() { this = MkLabelUnknownMember() }
|
||||
|
||||
override string toString() { result = "member *" }
|
||||
override string toString() { result = "getUnknownMember()" }
|
||||
}
|
||||
|
||||
/** A label for parameter `i`. */
|
||||
@@ -1390,7 +1391,7 @@ module API {
|
||||
|
||||
LabelParameter() { this = MkLabelParameter(i) }
|
||||
|
||||
override string toString() { result = "parameter " + i }
|
||||
override string toString() { result = "getParameter(" + i + ")" }
|
||||
|
||||
/** Gets the index of the parameter for this label. */
|
||||
int getIndex() { result = i }
|
||||
@@ -1398,22 +1399,22 @@ module API {
|
||||
|
||||
/** A label for the receiver of call, that is, the value passed as `this`. */
|
||||
class LabelReceiver extends ApiLabel, MkLabelReceiver {
|
||||
override string toString() { result = "receiver" }
|
||||
override string toString() { result = "getReceiver()" }
|
||||
}
|
||||
|
||||
/** A label for a class decorated by the current value. */
|
||||
class LabelDecoratedClass extends ApiLabel, MkLabelDecoratedClass {
|
||||
override string toString() { result = "decorated-class" }
|
||||
override string toString() { result = "getADecoratedClass()" }
|
||||
}
|
||||
|
||||
/** A label for a method, field, or accessor decorated by the current value. */
|
||||
class LabelDecoratedMethod extends ApiLabel, MkLabelDecoratedMember {
|
||||
override string toString() { result = "decorated-member" }
|
||||
override string toString() { result = "decoratedMember()" }
|
||||
}
|
||||
|
||||
/** A label for a parameter decorated by the current value. */
|
||||
class LabelDecoratedParameter extends ApiLabel, MkLabelDecoratedParameter {
|
||||
override string toString() { result = "decorated-parameter" }
|
||||
override string toString() { result = "decoratedParameter()" }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -88,7 +88,7 @@ module Routing {
|
||||
* The location spans column `startcolumn` of line `startline` to
|
||||
* column `endcolumn` of line `endline` in file `filepath`.
|
||||
* For more information, see
|
||||
* [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
|
||||
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries).
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
|
||||
@@ -1977,20 +1977,26 @@ module PathGraph {
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets an operand of the given `&&` operator.
|
||||
*
|
||||
* We use this to construct the transitive closure over a relation
|
||||
* that does not include all of `BinaryExpr.getAnOperand`.
|
||||
* Gets a logical `and` expression, or parenthesized expression, that contains `guard`.
|
||||
*/
|
||||
private Expr getALogicalAndOperand(LogAndExpr e) { result = e.getAnOperand() }
|
||||
private Expr getALogicalAndParent(BarrierGuardNode guard) {
|
||||
barrierGuardIsRelevant(guard) and result = guard.asExpr()
|
||||
or
|
||||
result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard)
|
||||
or
|
||||
result.getUnderlyingValue() = getALogicalAndParent(guard)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets an operand of the given `||` operator.
|
||||
*
|
||||
* We use this to construct the transitive closure over a relation
|
||||
* that does not include all of `BinaryExpr.getAnOperand`.
|
||||
* Gets a logical `or` expression, or parenthesized expression, that contains `guard`.
|
||||
*/
|
||||
private Expr getALogicalOrOperand(LogOrExpr e) { result = e.getAnOperand() }
|
||||
private Expr getALogicalOrParent(BarrierGuardNode guard) {
|
||||
barrierGuardIsRelevant(guard) and result = guard.asExpr()
|
||||
or
|
||||
result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard)
|
||||
or
|
||||
result.getUnderlyingValue() = getALogicalOrParent(guard)
|
||||
}
|
||||
|
||||
/**
|
||||
* A `BarrierGuardNode` that controls which data flow
|
||||
@@ -2020,10 +2026,10 @@ private class BarrierGuardFunction extends Function {
|
||||
returnExpr = guard.asExpr()
|
||||
or
|
||||
// ad hoc support for conjunctions:
|
||||
getALogicalAndOperand+(returnExpr) = guard.asExpr() and guardOutcome = true
|
||||
getALogicalAndParent(guard) = returnExpr and guardOutcome = true
|
||||
or
|
||||
// ad hoc support for disjunctions:
|
||||
getALogicalOrOperand+(returnExpr) = guard.asExpr() and guardOutcome = false
|
||||
getALogicalOrParent(guard) = returnExpr and guardOutcome = false
|
||||
|
|
||||
exists(SsaExplicitDefinition ssa |
|
||||
ssa.getDef().getSource() = returnExpr and
|
||||
|
||||
@@ -589,6 +589,13 @@ module DataFlow {
|
||||
* Gets the node where the property write happens in the control flow graph.
|
||||
*/
|
||||
abstract ControlFlowNode getWriteNode();
|
||||
|
||||
/**
|
||||
* If this installs an accessor on an object, as opposed to a regular property,
|
||||
* gets the body of the accessor. `isSetter` is true if installing a setter, and
|
||||
* false is installing a getter.
|
||||
*/
|
||||
DataFlow::FunctionNode getInstalledAccessor(boolean isSetter) { none() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -628,6 +635,17 @@ module DataFlow {
|
||||
|
||||
override Node getRhs() { result = valueNode(prop.(ValueProperty).getInit()) }
|
||||
|
||||
override DataFlow::FunctionNode getInstalledAccessor(boolean isSetter) {
|
||||
(
|
||||
prop instanceof PropertySetter and
|
||||
isSetter = true
|
||||
or
|
||||
prop instanceof PropertyGetter and
|
||||
isSetter = false
|
||||
) and
|
||||
result = valueNode(prop.getInit())
|
||||
}
|
||||
|
||||
override ControlFlowNode getWriteNode() { result = prop }
|
||||
}
|
||||
|
||||
@@ -688,6 +706,17 @@ module DataFlow {
|
||||
result = valueNode(prop.getInit())
|
||||
}
|
||||
|
||||
override DataFlow::FunctionNode getInstalledAccessor(boolean isSetter) {
|
||||
(
|
||||
prop instanceof SetterMethodDefinition and
|
||||
isSetter = true
|
||||
or
|
||||
prop instanceof GetterMethodDefinition and
|
||||
isSetter = false
|
||||
) and
|
||||
result = valueNode(prop.getInit())
|
||||
}
|
||||
|
||||
override ControlFlowNode getWriteNode() { result = prop }
|
||||
}
|
||||
|
||||
@@ -711,6 +740,17 @@ module DataFlow {
|
||||
result = valueNode(prop.getInit())
|
||||
}
|
||||
|
||||
override DataFlow::FunctionNode getInstalledAccessor(boolean isSetter) {
|
||||
(
|
||||
prop instanceof SetterMethodDefinition and
|
||||
isSetter = true
|
||||
or
|
||||
prop instanceof GetterMethodDefinition and
|
||||
isSetter = false
|
||||
) and
|
||||
result = valueNode(prop.getInit())
|
||||
}
|
||||
|
||||
override ControlFlowNode getWriteNode() { result = prop }
|
||||
}
|
||||
|
||||
|
||||
@@ -898,17 +898,31 @@ class ClassNode extends DataFlow::SourceNode instanceof ClassNode::Range {
|
||||
*/
|
||||
FunctionNode getAnInstanceMember() { result = super.getAnInstanceMember(_) }
|
||||
|
||||
/**
|
||||
* Gets the static method, getter, or setter declared in this class with the given name and kind.
|
||||
*/
|
||||
FunctionNode getStaticMember(string name, MemberKind kind) {
|
||||
result = super.getStaticMember(name, kind)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the static method declared in this class with the given name.
|
||||
*/
|
||||
FunctionNode getStaticMethod(string name) { result = super.getStaticMethod(name) }
|
||||
FunctionNode getStaticMethod(string name) {
|
||||
result = this.getStaticMember(name, MemberKind::method())
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a static method, getter, or setter declared in this class with the given kind.
|
||||
*/
|
||||
FunctionNode getAStaticMember(MemberKind kind) { result = super.getAStaticMember(kind) }
|
||||
|
||||
/**
|
||||
* Gets a static method declared in this class.
|
||||
*
|
||||
* The constructor is not considered a static method.
|
||||
*/
|
||||
FunctionNode getAStaticMethod() { result = super.getAStaticMethod() }
|
||||
FunctionNode getAStaticMethod() { result = this.getAStaticMember(MemberKind::method()) }
|
||||
|
||||
/**
|
||||
* Gets a dataflow node that refers to the superclass of this class.
|
||||
@@ -1119,18 +1133,34 @@ module ClassNode {
|
||||
abstract FunctionNode getAnInstanceMember(MemberKind kind);
|
||||
|
||||
/**
|
||||
* Gets the static member of this class with the given name and kind.
|
||||
*/
|
||||
cached
|
||||
abstract FunctionNode getStaticMember(string name, MemberKind kind);
|
||||
|
||||
/**
|
||||
* DEPRECATED. Override `getStaticMember` instead.
|
||||
*
|
||||
* Gets the static method of this class with the given name.
|
||||
*/
|
||||
cached
|
||||
abstract FunctionNode getStaticMethod(string name);
|
||||
deprecated FunctionNode getStaticMethod(string name) { none() }
|
||||
|
||||
/**
|
||||
* Gets a static member of this class of the given kind.
|
||||
*/
|
||||
cached
|
||||
abstract FunctionNode getAStaticMember(MemberKind kind);
|
||||
|
||||
/**
|
||||
* DEPRECATED. Override `getAStaticMember` instead.
|
||||
*
|
||||
* Gets a static method of this class.
|
||||
*
|
||||
* The constructor is not considered a static method.
|
||||
*/
|
||||
cached
|
||||
abstract FunctionNode getAStaticMethod();
|
||||
deprecated FunctionNode getAStaticMethod() { none() }
|
||||
|
||||
/**
|
||||
* Gets a dataflow node representing a class to be used as the super-class
|
||||
@@ -1186,23 +1216,27 @@ module ClassNode {
|
||||
result = this.getConstructor().getReceiver().getAPropertySource()
|
||||
}
|
||||
|
||||
override FunctionNode getStaticMethod(string name) {
|
||||
override FunctionNode getStaticMember(string name, MemberKind kind) {
|
||||
exists(MethodDeclaration method |
|
||||
method = astNode.getMethod(name) and
|
||||
method.isStatic() and
|
||||
kind = MemberKind::of(method) and
|
||||
result = method.getBody().flow()
|
||||
)
|
||||
or
|
||||
kind.isMethod() and
|
||||
result = this.getAPropertySource(name)
|
||||
}
|
||||
|
||||
override FunctionNode getAStaticMethod() {
|
||||
override FunctionNode getAStaticMember(MemberKind kind) {
|
||||
exists(MethodDeclaration method |
|
||||
method = astNode.getAMethod() and
|
||||
method.isStatic() and
|
||||
kind = MemberKind::of(method) and
|
||||
result = method.getBody().flow()
|
||||
)
|
||||
or
|
||||
kind.isMethod() and
|
||||
result = this.getAPropertySource()
|
||||
}
|
||||
|
||||
@@ -1300,9 +1334,15 @@ module ClassNode {
|
||||
)
|
||||
}
|
||||
|
||||
override FunctionNode getStaticMethod(string name) { result = this.getAPropertySource(name) }
|
||||
override FunctionNode getStaticMember(string name, MemberKind kind) {
|
||||
kind.isMethod() and
|
||||
result = this.getAPropertySource(name)
|
||||
}
|
||||
|
||||
override FunctionNode getAStaticMethod() { result = this.getAPropertySource() }
|
||||
override FunctionNode getAStaticMember(MemberKind kind) {
|
||||
kind.isMethod() and
|
||||
result = this.getAPropertySource()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a reference to the prototype of this class.
|
||||
|
||||
@@ -189,25 +189,43 @@ module CallGraph {
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `ref` installs an accessor on an object. Such property writes should not
|
||||
* be considered calls to an accessor.
|
||||
*/
|
||||
pragma[nomagic]
|
||||
private predicate isAccessorInstallation(DataFlow::PropWrite write) {
|
||||
exists(write.getInstalledAccessor(_))
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a getter or setter invoked as a result of the given property access.
|
||||
*/
|
||||
cached
|
||||
DataFlow::FunctionNode getAnAccessorCallee(DataFlow::PropRef ref) {
|
||||
exists(DataFlow::ClassNode cls, string name |
|
||||
ref = cls.getAnInstanceMemberAccess(name) and
|
||||
result = cls.getInstanceMember(name, DataFlow::MemberKind::getter())
|
||||
not isAccessorInstallation(ref) and
|
||||
(
|
||||
exists(DataFlow::ClassNode cls, string name |
|
||||
ref = cls.getAnInstanceMemberAccess(name) and
|
||||
result = cls.getInstanceMember(name, DataFlow::MemberKind::getter())
|
||||
or
|
||||
ref = getAnInstanceMemberAssignment(cls, name) and
|
||||
result = cls.getInstanceMember(name, DataFlow::MemberKind::setter())
|
||||
or
|
||||
ref = cls.getAClassReference().getAPropertyRead(name) and
|
||||
result = cls.getStaticMember(name, DataFlow::MemberKind::getter())
|
||||
or
|
||||
ref = cls.getAClassReference().getAPropertyWrite(name) and
|
||||
result = cls.getStaticMember(name, DataFlow::MemberKind::setter())
|
||||
)
|
||||
or
|
||||
ref = getAnInstanceMemberAssignment(cls, name) and
|
||||
result = cls.getInstanceMember(name, DataFlow::MemberKind::setter())
|
||||
)
|
||||
or
|
||||
exists(DataFlow::ObjectLiteralNode object, string name |
|
||||
ref = getAnAllocationSiteRef(object).getAPropertyRead(name) and
|
||||
result = object.getPropertyGetter(name)
|
||||
or
|
||||
ref = getAnAllocationSiteRef(object).getAPropertyWrite(name) and
|
||||
result = object.getPropertySetter(name)
|
||||
exists(DataFlow::ObjectLiteralNode object, string name |
|
||||
ref = getAnAllocationSiteRef(object).getAPropertyRead(name) and
|
||||
result = object.getPropertyGetter(name)
|
||||
or
|
||||
ref = getAnAllocationSiteRef(object).getAPropertyWrite(name) and
|
||||
result = object.getPropertySetter(name)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -139,7 +139,7 @@ private module CachedSteps {
|
||||
* Holds if `invk` may invoke `f`.
|
||||
*/
|
||||
cached
|
||||
predicate calls(DataFlow::SourceNode invk, Function f) {
|
||||
predicate calls(DataFlow::Node invk, Function f) {
|
||||
f = invk.(DataFlow::InvokeNode).getACallee(0)
|
||||
or
|
||||
f = invk.(DataFlow::PropRef).getAnAccessorCallee().getFunction()
|
||||
|
||||
@@ -149,7 +149,7 @@ class AccessPath extends string instanceof AccessPath::Range {
|
||||
* An access part token such as `Argument[1]` or `ReturnValue`, appearing in one or more access paths.
|
||||
*/
|
||||
class AccessPathToken extends string {
|
||||
AccessPathToken() { this = getRawToken(any(AccessPath path), _) }
|
||||
AccessPathToken() { this = getRawToken(_, _) }
|
||||
|
||||
private string getPart(int part) {
|
||||
result = this.regexpCapture("([^\\[]+)(?:\\[([^\\]]*)\\])?", part)
|
||||
|
||||
@@ -1,3 +1,15 @@
|
||||
## 0.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/resource-exhaustion` query has been added. It highlights locations where an attacker can cause a large amount of resources to be consumed.
|
||||
The query previously existed as an experimental query.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved handling of custom DOM elements, potentially leading to more alerts for the XSS queries.
|
||||
* Improved taint tracking through calls to the `Array.prototype.reduce` function.
|
||||
|
||||
## 0.0.14
|
||||
|
||||
## 0.0.13
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved handling of custom DOM elements, potentially leading to more alerts for the XSS queries.
|
||||
* Improved taint tracking through calls to the `Array.prototype.reduce` function.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The `js/resource-exhaustion` query has been added. It highlights locations where an attacker can cause a large amount of resources to be consumed.
|
||||
The query previously existed as an experimental query.
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The call graph now deals more precisely with calls to accessors (getters and setters).
|
||||
Previously, calls to static accessors were not resolved, and some method calls were
|
||||
incorrectly seen as calls to an accessor. Both issues have been fixed.
|
||||
11
javascript/ql/src/change-notes/released/0.1.0.md
Normal file
11
javascript/ql/src/change-notes/released/0.1.0.md
Normal file
@@ -0,0 +1,11 @@
|
||||
## 0.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/resource-exhaustion` query has been added. It highlights locations where an attacker can cause a large amount of resources to be consumed.
|
||||
The query previously existed as an experimental query.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved handling of custom DOM elements, potentially leading to more alerts for the XSS queries.
|
||||
* Improved taint tracking through calls to the `Array.prototype.reduce` function.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.14
|
||||
lastReleaseVersion: 0.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.1.0-dev
|
||||
version: 0.1.1-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
/**
|
||||
* A test query that verifies assertions about the API graph embedded in source-code comments.
|
||||
*
|
||||
* An assertion is a comment of the form `def <path>` or `use <path>`, and asserts that
|
||||
* there is a def/use feature reachable from the root along the given path (described using
|
||||
* s-expression syntax), and its associated data-flow node must start on the same line as the
|
||||
* comment.
|
||||
* An assertion is a comment of the form `def=<path>` or `use=<path>`, and asserts that
|
||||
* there is a def/use feature reachable from the root along the given path, and its
|
||||
* associated data-flow node must start on the same line as the comment.
|
||||
*
|
||||
* We also support negative assertions of the form `!def <path>` or `!use <path>`, which assert
|
||||
* We also support negative assertions of the form `MISSING: def <path>` or `MISSING: use <path>`, which assert
|
||||
* that there _isn't_ a node with the given path on the same line.
|
||||
*
|
||||
* The query only produces output for failed assertions, meaning that it should have no output
|
||||
@@ -39,44 +38,55 @@ private string getLoc(DataFlow::Node nd) {
|
||||
* An assertion matching a data-flow node against an API-graph feature.
|
||||
*/
|
||||
class Assertion extends Comment {
|
||||
string polarity;
|
||||
string expectedKind;
|
||||
string expectedLoc;
|
||||
string path;
|
||||
string polarity;
|
||||
|
||||
Assertion() {
|
||||
exists(string txt, string rex |
|
||||
txt = this.getText().trim() and
|
||||
rex = "(!?)(def|use) .*"
|
||||
rex = ".*?((?:MISSING: )?)(def|use)=([\\w\\(\\)\"\\.\\-\\/\\@\\:]*).*"
|
||||
|
|
||||
polarity = txt.regexpCapture(rex, 1) and
|
||||
expectedKind = txt.regexpCapture(rex, 2) and
|
||||
path = txt.regexpCapture(rex, 3) and
|
||||
expectedLoc = this.getFile().getAbsolutePath() + ":" + this.getLocation().getStartLine()
|
||||
)
|
||||
}
|
||||
|
||||
string getEdgeLabel(int i) { result = this.getText().regexpFind("(?<=\\()[^()]+", i, _).trim() }
|
||||
string getEdgeLabel(int i) {
|
||||
// matches a single edge. E.g. `getParameter(1)` or `getMember("foo")`.
|
||||
// The lookbehind/lookahead ensure that the boundary is correct, that is
|
||||
// either the edge is next to a ".", or it's the end of the string.
|
||||
result = path.regexpFind("(?<=\\.|^)([\\w\\(\\)\"\\-\\/\\@\\:]+)(?=\\.|$)", i, _).trim()
|
||||
}
|
||||
|
||||
int getPathLength() { result = max(int i | exists(this.getEdgeLabel(i))) + 1 }
|
||||
|
||||
predicate isNegative() { polarity = "MISSING: " }
|
||||
|
||||
API::Node lookup(int i) {
|
||||
i = this.getPathLength() and
|
||||
i = 0 and
|
||||
result = API::root()
|
||||
or
|
||||
result =
|
||||
this.lookup(i + 1)
|
||||
.getASuccessor(any(API::Label::ApiLabel label | label.toString() = this.getEdgeLabel(i)))
|
||||
this.lookup(i - 1)
|
||||
.getASuccessor(any(API::Label::ApiLabel label |
|
||||
label.toString() = this.getEdgeLabel(i - 1)
|
||||
))
|
||||
}
|
||||
|
||||
predicate isNegative() { polarity = "!" }
|
||||
API::Node lookup() { result = this.lookup(this.getPathLength()) }
|
||||
|
||||
predicate holds() { getLoc(getNode(this.lookup(0), expectedKind)) = expectedLoc }
|
||||
predicate holds() { getLoc(getNode(this.lookup(), expectedKind)) = expectedLoc }
|
||||
|
||||
string tryExplainFailure() {
|
||||
exists(int i, API::Node nd, string prefix, string suffix |
|
||||
nd = this.lookup(i) and
|
||||
i > 0 and
|
||||
not exists(this.lookup([0 .. i - 1])) and
|
||||
prefix = nd + " has no outgoing edge labelled " + this.getEdgeLabel(i - 1) + ";" and
|
||||
i < getPathLength() and
|
||||
not exists(this.lookup([i + 1 .. getPathLength()])) and
|
||||
prefix = nd + " has no outgoing edge labelled " + this.getEdgeLabel(i) + ";" and
|
||||
if exists(nd.getASuccessor())
|
||||
then
|
||||
suffix =
|
||||
@@ -91,13 +101,13 @@ class Assertion extends Comment {
|
||||
result = prefix + " " + suffix
|
||||
)
|
||||
or
|
||||
exists(API::Node nd, string kind | nd = this.lookup(0) |
|
||||
exists(API::Node nd, string kind | nd = this.lookup() |
|
||||
exists(getNode(nd, kind)) and
|
||||
not exists(getNode(nd, expectedKind)) and
|
||||
result = "Expected " + expectedKind + " node, but found " + kind + " node."
|
||||
)
|
||||
or
|
||||
exists(DataFlow::Node nd | nd = getNode(this.lookup(0), expectedKind) |
|
||||
exists(DataFlow::Node nd | nd = getNode(this.lookup(), expectedKind) |
|
||||
not getLoc(nd) = expectedLoc and
|
||||
result = "Node not found on this line (but there is one on line " + min(getLoc(nd)) + ")."
|
||||
)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
const assert = require("assert");
|
||||
|
||||
let o = {
|
||||
foo: 23 /* def (member foo (parameter 0 (member equal (member exports (module assert))))) */
|
||||
foo: 23 // def=moduleImport("assert").getMember("exports").getMember("equal").getParameter(0).getMember("foo")
|
||||
};
|
||||
assert.equal(o, o);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
const fs = require('fs-extra');
|
||||
|
||||
module.exports.foo = async function foo() {
|
||||
return await fs.copy('/tmp/myfile', '/tmp/mynewfile'); /* use (promised (return (member copy (member exports (module fs-extra))))) */ /* def (promised (return (member foo (member exports (module async-await))))) */
|
||||
return await fs.copy('/tmp/myfile', '/tmp/mynewfile'); /* use=moduleImport("fs-extra").getMember("exports").getMember("copy").getReturn().getPromised()*/ /* def=moduleImport("async-await").getMember("exports").getMember("foo").getReturn().getPromised() */
|
||||
};
|
||||
|
||||
@@ -5,5 +5,5 @@ async function readFileUtf8(path: string): Promise<string> {
|
||||
}
|
||||
|
||||
async function test(path: string) {
|
||||
await readFileUtf8(path); /* use (promised (return (member readFile (member exports (module fs/promises))))) */
|
||||
await readFileUtf8(path); /* use=moduleImport("fs/promises").getMember("exports").getMember("readFile").getReturn() */
|
||||
}
|
||||
|
||||
@@ -1,24 +1,24 @@
|
||||
import bar from 'foo';
|
||||
|
||||
let boundbar = bar.bind(
|
||||
"receiver", // def (receiver (member default (member exports (module foo))))
|
||||
"firstarg" // def (parameter 0 (member default (member exports (module foo))))
|
||||
"receiver", // def=moduleImport("foo").getMember("exports").getMember("default").getReceiver()
|
||||
"firstarg" // def=moduleImport("foo").getMember("exports").getMember("default").getParameter(0)
|
||||
);
|
||||
boundbar(
|
||||
"secondarg" // def (parameter 1 (member default (member exports (module foo))))
|
||||
"secondarg" // def=moduleImport("foo").getMember("exports").getMember("default").getParameter(1)
|
||||
)
|
||||
|
||||
let boundbar2 = boundbar.bind(
|
||||
"ignored", // !def (receiver (member default (member exports (module foo))))
|
||||
"othersecondarg" // def (parameter 1 (member default (member exports (module foo))))
|
||||
"ignored", // MISSING: def=moduleImport("foo").getMember("exports)".getMember("default").getReceiver()
|
||||
"othersecondarg" // def=moduleImport("foo").getMember("exports").getMember("default").getParameter(1)
|
||||
)
|
||||
boundbar2(
|
||||
"thirdarg" // def (parameter 2 (member default (member exports (module foo))))
|
||||
"thirdarg" // def=moduleImport("foo").getMember("exports").getMember("default").getParameter(2)
|
||||
)
|
||||
|
||||
let bar2 = bar;
|
||||
for (var i = 0; i < 2; ++i)
|
||||
bar2 = bar2.bind(
|
||||
null,
|
||||
i /* def (parameter 1 (member default (member exports (module foo)))) */ /* def (parameter 9 (member default (member exports (module foo)))) */
|
||||
i /* def=moduleImport("foo").getMember("exports").getMember("default").getParameter(1) */ /* def=moduleImport("foo").getMember("exports").getMember("default").getParameter(9) */
|
||||
);
|
||||
|
||||
@@ -3,5 +3,5 @@ const fs = require('fs');
|
||||
exports.foo = function (cb) {
|
||||
if (!cb)
|
||||
cb = function () { };
|
||||
cb(fs.readFileSync("/etc/passwd")); /* def (parameter 0 (parameter 0 (member foo (member exports (module branching-flow))))) */
|
||||
cb(fs.readFileSync("/etc/passwd")); /* def=moduleImport("branching-flow").getMember("exports").getMember("foo").getParameter(0).getParameter(0) */
|
||||
};
|
||||
@@ -9,19 +9,19 @@ util.inherits(MyStream, EventEmitter);
|
||||
|
||||
MyStream.prototype.write = (data) => this.emit('data', data);
|
||||
|
||||
function MyOtherStream() { /* use (instance (member MyOtherStream (member exports (module classes)))) */
|
||||
function MyOtherStream() { /* use=moduleImport("classes").getMember("exports").getMember("MyOtherStream").getInstance() */
|
||||
EventEmitter.call(this);
|
||||
}
|
||||
|
||||
util.inherits(MyOtherStream, EventEmitter);
|
||||
|
||||
MyOtherStream.prototype.write = function (data) { /* use (instance (member MyOtherStream (member exports (module classes)))) */
|
||||
MyOtherStream.prototype.write = function (data) { /* use=moduleImport("classes").getMember("exports").getMember("MyOtherStream").getInstance() */
|
||||
this.emit('data', data);
|
||||
return this;
|
||||
};
|
||||
|
||||
MyOtherStream.prototype.instanceProp = 1; /* def (member instanceProp (instance (member MyOtherStream (member exports (module classes))))) */
|
||||
MyOtherStream.prototype.instanceProp = 1; /* def=moduleImport("classes").getMember("exports").getMember("MyOtherStream").getInstance().getMember("instanceProp") */
|
||||
|
||||
MyOtherStream.classProp = 1; /* def (member classProp (member MyOtherStream (member exports (module classes)))) */
|
||||
MyOtherStream.classProp = 1; /* def=moduleImport("classes").getMember("exports").getMember("MyOtherStream").getMember("classProp") */
|
||||
|
||||
module.exports.MyOtherStream = MyOtherStream;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
export class A {
|
||||
constructor(x) { /* use (parameter 0 (member A (member exports (module ctor-arg)))) */
|
||||
constructor(x) { /* use=moduleImport("ctor-arg").getMember("exports").getMember("A").getParameter(0) */
|
||||
console.log(x);
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
module.exports = CustomEntryPoint.foo; /* use (member foo (CustomEntryPoint)) */
|
||||
module.exports = CustomEntryPoint.foo; /* use=getASuccessor(Label::entryPoint("CustomEntryPoint")) */
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
const foo = require("foo");
|
||||
|
||||
while(foo)
|
||||
foo = foo.foo; /* use (member foo (member exports (module foo))) */ /* use (member foo (member foo (member exports (module foo)))) */
|
||||
foo = foo.foo; /* use=moduleImport("foo").getMember("exports").getMember("foo") */ /* use=moduleImport("foo").getMember("exports").getMember("foo").getMember("foo") */
|
||||
|
||||
@@ -2,4 +2,4 @@ const MyStream = require('classes').MyStream;
|
||||
|
||||
var s = new MyStream();
|
||||
for (let m of ["write"])
|
||||
s[m]("Hello, world!"); /* use (member * (instance (member MyStream (member exports (module classes))))) */
|
||||
s[m]("Hello, world!"); /* use=moduleImport("classes").getMember("exports").getMember("MyStream").getInstance().getUnknownMember() */
|
||||
@@ -1,3 +1,3 @@
|
||||
anotherUnknownFunction().foo = 42; /* !def (member foo (member exports (module imprecise-export))) */
|
||||
anotherUnknownFunction().foo = 42; /* MISSING: def=moduleExport("imprecise-export").getMember("exports").getMember("foo") */
|
||||
|
||||
module.exports = unknownFunction();
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
const http = require('http');
|
||||
let req = http.get(url, cb);
|
||||
req.on('connect', (
|
||||
req, /* use (parameter 0 (parameter 1 (member on (return (member get (member exports (module http))))))) */
|
||||
req, /* use=moduleImport("http").getMember("exports").getMember("get").getReturn().getMember("on").getParameter(1).getParameter(0) */
|
||||
clientSocket, head) => { /* ... */ });
|
||||
req.on('information', (
|
||||
info /* use (parameter 0 (parameter 1 (member on (return (member get (member exports (module http))))))) */
|
||||
info /* use=moduleImport("http").getMember("exports").getMember("get").getReturn().getMember("on").getParameter(1).getParameter(0) */
|
||||
) => { /* ... */ });
|
||||
|
||||
req.on('connect', () => { }) /* def (parameter 0 (member on (return (member get (member exports (module http)))))) */
|
||||
.on('information', () => { }) /* def (parameter 0 (member on (return (member on (return (member get (member exports (module http)))))))) */;
|
||||
req.on('connect', () => { }) /* def=moduleImport("http").getMember("exports").getMember("get").getReturn().getMember("on").getParameter(0) */
|
||||
.on('information', () => { }) /* def=moduleImport("http").getMember("exports").getMember("get").getReturn().getMember("on").getReturn().getMember("on").getParameter(0) */;
|
||||
@@ -1,2 +1,2 @@
|
||||
import foo from "@myorg/myotherpkg";
|
||||
foo(); /* use (member default (member exports (module @myorg/myotherpkg))) */
|
||||
foo(); /* use=moduleImport("@myorg/myotherpkg").getMember("exports").getMember("default") */
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
module.exports.foo = function (x) { /* use (parameter 0 (member foo (member exports (module nested-property-export)))) */
|
||||
module.exports.foo = function (x) { /* use=moduleImport("nested-property-export").getMember("exports").getMember("foo").getParameter(0) */
|
||||
return x;
|
||||
};
|
||||
|
||||
module.exports.foo.bar = function (y) { /* use (parameter 0 (member bar (member foo (member exports (module nested-property-export))))) */
|
||||
module.exports.foo.bar = function (y) { /* use=moduleImport("nested-property-export").getMember("exports").getMember("foo").getMember("bar").getParameter(0) */
|
||||
return y;
|
||||
};
|
||||
|
||||
@@ -2,7 +2,7 @@ const express = require('express');
|
||||
|
||||
var app1 = new express();
|
||||
app1.get('/',
|
||||
(req, res) => res.send('Hello World!') /* def (parameter 1 (member get (instance (member exports (module express))))) */
|
||||
(req, res) => res.send('Hello World!') /* def=moduleImport("express").getMember("exports").getInstance().getMember("get").getParameter(1) */
|
||||
);
|
||||
|
||||
function makeApp() {
|
||||
@@ -11,5 +11,5 @@ function makeApp() {
|
||||
|
||||
var app2 = makeApp();
|
||||
app2.get('/',
|
||||
(req, res) => res.send('Hello World!') /* def (parameter 1 (member get (instance (member exports (module express))))) */
|
||||
(req, res) => res.send('Hello World!') /* def=moduleImport("express").getMember("exports").getInstance().getMember("get").getParameter(1) */
|
||||
);
|
||||
@@ -2,7 +2,7 @@ const cp = require('child_process');
|
||||
|
||||
module.exports = function () {
|
||||
return cp.spawn.bind(
|
||||
cp, // def (receiver (member spawn (member exports (module child_process))))
|
||||
"cat" // def (parameter 0 (member spawn (member exports (module child_process))))
|
||||
cp, // def=moduleImport("child_process").getMember("exports").getMember("spawn").getReceiver()
|
||||
"cat" // def=moduleImport("child_process").getMember("exports").getMember("spawn").getParameter(0)
|
||||
);
|
||||
};
|
||||
@@ -8,14 +8,14 @@ module.exports.readFile = function (f) {
|
||||
if (err)
|
||||
rej(err);
|
||||
else
|
||||
res(data); /* def (promised (return (member readFile (member exports (module promises))))) */
|
||||
res(data); /* def=moduleImport("promises").getMember("exports").getMember("readFile").getReturn().getPromised() */
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
module.exports.readFileAndEncode = function (f) {
|
||||
return fse.readFile(f)
|
||||
.then((data) => /* use (promised (return (member readFile (member exports (module fs-extra))))) */
|
||||
base64.encode(data) /* def (promised (return (member readFileAndEncode (member exports (module promises))))) */
|
||||
.then((data) => /* use=moduleImport("fs-extra").getMember("exports").getMember("readFile").getReturn().getPromised() */
|
||||
base64.encode(data) /* def=moduleImport("promises").getMember("exports").getMember("readFileAndEncode").getReturn().getPromised() */
|
||||
);
|
||||
};
|
||||
@@ -4,25 +4,25 @@ var readFile = require("fs").readFile;
|
||||
var readFileAsync = bluebird.promisify(readFile);
|
||||
|
||||
readFile(
|
||||
"tst.txt", // def (parameter 0 (member readFile (member exports (module fs))))
|
||||
"utf8", // def (parameter 1 (member readFile (member exports (module fs))))
|
||||
"tst.txt", // def=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(0)
|
||||
"utf8", // def=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(1)
|
||||
function (
|
||||
err, // use (parameter 0 (parameter 2 (member readFile (member exports (module fs)))))
|
||||
contents // use (parameter 1 (parameter 2 (member readFile (member exports (module fs)))))
|
||||
err, // use=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(2).getParameter(0)
|
||||
contents // use=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(2).getParameter(1)
|
||||
) { });
|
||||
|
||||
readFileAsync(
|
||||
"tst.txt" // def (parameter 0 (member readFile (member exports (module fs))))
|
||||
"tst.txt" // def=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(0)
|
||||
).then(
|
||||
function (buf) { } // use (parameter 1 (parameter 1 (member readFile (member exports (module fs)))))
|
||||
function (buf) { } // use=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(1).getParameter(1)
|
||||
).catch(
|
||||
function (err) { } // not yet modelled: (parameter 0 (parameter 1 (member readFile (member exports (module fs)))))
|
||||
);
|
||||
|
||||
try {
|
||||
let p = readFileAsync(
|
||||
"tst.txt", // def (parameter 0 (member readFile (member exports (module fs))))
|
||||
"utf8" // def (parameter 1 (member readFile (member exports (module fs))))
|
||||
"tst.txt", // def=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(0)
|
||||
"utf8" // def=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(1)
|
||||
);
|
||||
let data = await p; // use (parameter 1 (parameter 2 (member readFile (member exports (module fs)))))
|
||||
let data = await p; // use=moduleImport("fs").getMember("exports").getMember("readFile").getParameter(2).getParameter(1)
|
||||
} catch (e) { } // not yet modelled: (parameter 0 (parameter 2 (member readFile (member exports (module fs)))))
|
||||
|
||||
@@ -5,5 +5,5 @@ exports.assertNotNull = function (x) {
|
||||
|
||||
exports.foo = function(x) {
|
||||
exports.assertNotNull(x);
|
||||
sink(x.f); /* !use (member f (parameter 0 (member assertNotNull (member exports (module property-read-from-argument))))) */ /* use (member f (parameter 0 (member foo (member exports (module property-read-from-argument))))) */
|
||||
sink(x.f); /* MISSING: use=moduleImport("property-read-from-argument").getMember("exports").getMember("assertNotNull").getParameter(0).getMember("f") */ /* use=moduleImport("property-read-from-argument").getMember("exports").getMember("foo").getParameter(0).getMember("f") */
|
||||
}
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
module.exports = function () {
|
||||
return 42; /* def (return (member impl (member exports (module reexport)))) */
|
||||
return 42; /* def=moduleImport("reexport").getMember("exports").getMember("impl").getReturn() */
|
||||
};
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
function foo(x) { /* use (parameter 0 (member bar (member other (member exports (module reexport)))) */
|
||||
function foo(x) { /* use=moduleImport("reexport").getMember("exports").getMember("other").getMember("bar").getParameter(0) */
|
||||
return x + 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
module.exports.id = function id(x) { /* use (parameter 0 (member id (member util (member exports (module reexport)))) */
|
||||
module.exports.id = function id(x) { /* use=moduleImport("reexport").getMember("exports").getMember("util").getMember("id").getParameter(0) */
|
||||
return x;
|
||||
};
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
module.exports = {
|
||||
id: function id(x) { /* use (parameter 0 (member id (member util2 (member exports (module reexport)))) */
|
||||
id: function id(x) { /* use=moduleImport("reexport").getMember("exports").getMember("util2").getMember("id").getParameter(0) */
|
||||
return x;
|
||||
}
|
||||
};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
export class A {
|
||||
foo() {
|
||||
return this; /* def (return (member foo (instance (member A (member exports (module return-self)))))) */
|
||||
return this; /* def=moduleImport("return-self").getMember("exports").getMember("A").getInstance().getMember("foo").getReturn() */
|
||||
}
|
||||
bar(x) { } /* use (parameter 0 (member bar (instance (member A (member exports (module return-self)))))) */
|
||||
bar(x) { } /* use=moduleImport("return-self").getMember("exports").getMember("A").getInstance().getMember("bar").getParameter(0) */
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ const lib = require('something');
|
||||
|
||||
function f() {
|
||||
return {
|
||||
x: new Object() /* def (member x (parameter 0 (member m1 (member exports (module something))))) */
|
||||
x: new Object() /* def=moduleImport("something").getMember("exports").getMember("m1").getParameter(0).getMember("x") */
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ app.use(bodyParser.json());
|
||||
|
||||
app.post("/find", (req, res) => {
|
||||
let v = JSON.parse(req.body.x);
|
||||
getCollection().find({ id: v }); /* use (member find (instance (member Collection (member exports (module mongodb))))) */
|
||||
getCollection().find({ id: v }); // use=moduleImport("mongodb").getMember("exports").getMember("Collection").getInstance().getMember("find")
|
||||
});
|
||||
|
||||
import * as mongoose from "mongoose";
|
||||
@@ -19,14 +19,14 @@ declare function getMongooseModel(): mongoose.Model;
|
||||
declare function getMongooseQuery(): mongoose.Query;
|
||||
app.post("/find", (req, res) => {
|
||||
let v = JSON.parse(req.body.x);
|
||||
getMongooseModel().find({ id: v }); /* def (parameter 0 (member find (instance (member Model (member exports (module mongoose)))))) */
|
||||
getMongooseQuery().find({ id: v }); /* def (parameter 0 (member find (instance (member Query (member exports (module mongoose)))))) */
|
||||
getMongooseModel().find({ id: v }); // def=moduleImport("mongoose").getMember("exports").getMember("Model").getInstance().getMember("find").getParameter(0)
|
||||
getMongooseQuery().find({ id: v }); // def=moduleImport("mongoose").getMember("exports").getMember("Query").getInstance().getMember("find").getParameter(0)
|
||||
});
|
||||
|
||||
import * as puppeteer from 'puppeteer';
|
||||
class Renderer {
|
||||
private browser: puppeteer.Browser;
|
||||
foo(): void {
|
||||
const page = this.browser.newPage(); /* use (instance (member Browser (member exports (module puppeteer)))) */
|
||||
const page = this.browser.newPage(); /* use=moduleImport("puppeteer").getMember("exports").getMember("Browser").getInstance() */
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,15 @@
|
||||
spuriousCallee
|
||||
missingCallee
|
||||
| constructor-field.ts:40:5:40:14 | f3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 |
|
||||
| constructor-field.ts:71:1:71:11 | bf3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 |
|
||||
| constructor-field.ts:40:5:40:14 | f3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | calls |
|
||||
| constructor-field.ts:71:1:71:11 | bf3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | calls |
|
||||
badAnnotation
|
||||
accessorCall
|
||||
| accessors.js:12:1:12:5 | obj.f | accessors.js:5:8:5:12 | () {} |
|
||||
| accessors.js:15:1:15:5 | obj.f | accessors.js:8:8:8:13 | (x) {} |
|
||||
| accessors.js:26:1:26:3 | C.f | accessors.js:19:15:19:19 | () {} |
|
||||
| accessors.js:29:1:29:3 | C.f | accessors.js:22:15:22:20 | (x) {} |
|
||||
| accessors.js:41:1:41:9 | new D().f | accessors.js:34:8:34:12 | () {} |
|
||||
| accessors.js:44:1:44:9 | new D().f | accessors.js:37:8:37:13 | (x) {} |
|
||||
| accessors.js:48:1:48:5 | obj.f | accessors.js:5:8:5:12 | () {} |
|
||||
| accessors.js:51:1:51:3 | C.f | accessors.js:19:15:19:19 | () {} |
|
||||
| accessors.js:54:1:54:9 | new D().f | accessors.js:34:8:34:12 | () {} |
|
||||
|
||||
@@ -25,16 +25,28 @@ class AnnotatedFunction extends Function {
|
||||
}
|
||||
|
||||
/** A function annotated with `calls:NAME` */
|
||||
class AnnotatedCall extends InvokeExpr {
|
||||
class AnnotatedCall extends DataFlow::Node {
|
||||
string calls;
|
||||
string kind;
|
||||
|
||||
AnnotatedCall() { calls = getAnnotation(this, "calls") }
|
||||
AnnotatedCall() {
|
||||
this instanceof DataFlow::InvokeNode and
|
||||
calls = getAnnotation(this.asExpr(), kind) and
|
||||
kind = "calls"
|
||||
or
|
||||
this instanceof DataFlow::PropRef and
|
||||
calls = getAnnotation(this.getAstNode(), kind) and
|
||||
kind = "callsAccessor"
|
||||
}
|
||||
|
||||
string getCallTargetName() { result = calls }
|
||||
|
||||
AnnotatedFunction getAnExpectedCallee() { result.getCalleeName() = getCallTargetName() }
|
||||
AnnotatedFunction getAnExpectedCallee(string kind_) {
|
||||
result.getCalleeName() = getCallTargetName() and
|
||||
kind = kind_
|
||||
}
|
||||
|
||||
int getBoundArgs() { result = getAnnotation(this, "boundArgs").toInt() }
|
||||
int getBoundArgs() { result = getAnnotation(this.getAstNode(), "boundArgs").toInt() }
|
||||
|
||||
int getBoundArgsOrMinusOne() {
|
||||
result = getBoundArgs()
|
||||
@@ -42,25 +54,33 @@ class AnnotatedCall extends InvokeExpr {
|
||||
not exists(getBoundArgs()) and
|
||||
result = -1
|
||||
}
|
||||
|
||||
string getKind() { result = kind }
|
||||
}
|
||||
|
||||
predicate callEdge(AnnotatedCall call, AnnotatedFunction target, int boundArgs) {
|
||||
FlowSteps::calls(call.flow(), target) and boundArgs = -1
|
||||
FlowSteps::calls(call, target) and boundArgs = -1
|
||||
or
|
||||
FlowSteps::callsBound(call.flow(), target, boundArgs)
|
||||
FlowSteps::callsBound(call, target, boundArgs)
|
||||
}
|
||||
|
||||
query predicate spuriousCallee(AnnotatedCall call, AnnotatedFunction target, int boundArgs) {
|
||||
query predicate spuriousCallee(
|
||||
AnnotatedCall call, AnnotatedFunction target, int boundArgs, string kind
|
||||
) {
|
||||
callEdge(call, target, boundArgs) and
|
||||
kind = call.getKind() and
|
||||
not (
|
||||
target = call.getAnExpectedCallee() and
|
||||
target = call.getAnExpectedCallee(kind) and
|
||||
boundArgs = call.getBoundArgsOrMinusOne()
|
||||
)
|
||||
}
|
||||
|
||||
query predicate missingCallee(AnnotatedCall call, AnnotatedFunction target, int boundArgs) {
|
||||
query predicate missingCallee(
|
||||
AnnotatedCall call, AnnotatedFunction target, int boundArgs, string kind
|
||||
) {
|
||||
not callEdge(call, target, boundArgs) and
|
||||
target = call.getAnExpectedCallee() and
|
||||
kind = call.getKind() and
|
||||
target = call.getAnExpectedCallee(kind) and
|
||||
boundArgs = call.getBoundArgsOrMinusOne()
|
||||
}
|
||||
|
||||
@@ -72,3 +92,7 @@ query predicate badAnnotation(string name) {
|
||||
not name = any(AnnotatedCall cl).getCallTargetName() and
|
||||
name = any(AnnotatedFunction cl).getCalleeName()
|
||||
}
|
||||
|
||||
query predicate accessorCall(DataFlow::PropRef ref, Function target) {
|
||||
FlowSteps::calls(ref, target)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
import 'dummy';
|
||||
|
||||
let obj = {
|
||||
/** name:obj.f.get */
|
||||
get f() {},
|
||||
|
||||
/** name:obj.f.set */
|
||||
set f(x) {}
|
||||
};
|
||||
|
||||
/** callsAccessor:obj.f.get */
|
||||
obj.f;
|
||||
|
||||
/** callsAccessor:obj.f.set */
|
||||
obj.f = 1;
|
||||
|
||||
class C {
|
||||
/** name:C.f.get */
|
||||
static get f() {}
|
||||
|
||||
/** name:C.f.set */
|
||||
static set f(x) {}
|
||||
}
|
||||
|
||||
/** callsAccessor:C.f.get */
|
||||
C.f;
|
||||
|
||||
/** callsAccessor:C.f.set */
|
||||
C.f = 1;
|
||||
|
||||
|
||||
class D {
|
||||
/** name:D.f.get */
|
||||
get f() {}
|
||||
|
||||
/** name:D.f.set */
|
||||
set f(x) {}
|
||||
}
|
||||
|
||||
/** callsAccessor:D.f.get */
|
||||
new D().f;
|
||||
|
||||
/** callsAccessor:D.f.set */
|
||||
new D().f = 1;
|
||||
|
||||
// Avoid regular calls being seen as calls to the accessor itself
|
||||
/** calls:NONE */
|
||||
obj.f();
|
||||
|
||||
/** calls:NONE */
|
||||
C.f();
|
||||
|
||||
/** calls:NONE */
|
||||
new D().f();
|
||||
@@ -24,6 +24,7 @@ getAReceiverNode
|
||||
| tst.js:23:1:23:15 | function D() {} | tst.js:25:13:25:12 | this |
|
||||
| tst.js:23:1:23:15 | function D() {} | tst.js:26:13:26:12 | this |
|
||||
| tst.js:23:1:23:15 | function D() {} | tst.js:27:4:27:3 | this |
|
||||
| tst.js:30:1:34:1 | class S ... x) {}\\n} | tst.js:30:21:30:20 | this |
|
||||
getFieldTypeAnnotation
|
||||
| fields.ts:1:1:3:1 | class B ... mber;\\n} | baseField | fields.ts:2:16:2:21 | number |
|
||||
| fields.ts:5:1:13:1 | class F ... > {};\\n} | x | fields.ts:6:27:6:32 | number |
|
||||
@@ -53,6 +54,11 @@ instanceMethod
|
||||
| tst.js:15:1:15:15 | function B() {} | foo | tst.js:17:19:17:31 | function() {} | B |
|
||||
| tst.js:19:1:19:15 | function C() {} | bar | tst.js:21:19:21:31 | function() {} | C |
|
||||
| tst.js:23:1:23:15 | function D() {} | m | tst.js:27:4:27:8 | () {} | D |
|
||||
staticMember
|
||||
| tst.js:3:1:10:1 | class A ... () {}\\n} | staticMethod | method | tst.js:5:22:5:26 | () {} | A |
|
||||
| tst.js:30:1:34:1 | class S ... x) {}\\n} | getter | getter | tst.js:32:20:32:24 | () {} | StaticMembers |
|
||||
| tst.js:30:1:34:1 | class S ... x) {}\\n} | method | method | tst.js:31:16:31:20 | () {} | StaticMembers |
|
||||
| tst.js:30:1:34:1 | class S ... x) {}\\n} | setter | setter | tst.js:33:20:33:25 | (x) {} | StaticMembers |
|
||||
superClass
|
||||
| fields.ts:5:1:13:1 | class F ... > {};\\n} | fields.ts:1:1:3:1 | class B ... mber;\\n} | Foo | Base |
|
||||
| tst.js:13:1:13:21 | class A ... ds A {} | tst.js:3:1:10:1 | class A ... () {}\\n} | A2 | A |
|
||||
|
||||
@@ -24,6 +24,12 @@ query predicate instanceMethod(
|
||||
cls.getInstanceMethod(name) = inst and clsName = cls.getName()
|
||||
}
|
||||
|
||||
query predicate staticMember(
|
||||
DataFlow::ClassNode cls, string name, string kind, DataFlow::FunctionNode inst, string clsName
|
||||
) {
|
||||
cls.getStaticMember(name, kind) = inst and clsName = cls.getName()
|
||||
}
|
||||
|
||||
query predicate superClass(
|
||||
DataFlow::ClassNode cls, DataFlow::ClassNode sup, string clsName, string supName
|
||||
) {
|
||||
|
||||
@@ -26,3 +26,9 @@ D.prototype = {
|
||||
set setter(x) {},
|
||||
m() {}
|
||||
}
|
||||
|
||||
class StaticMembers {
|
||||
static method() {}
|
||||
static get getter() {}
|
||||
static set setter(x) {}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
underlyingTypeNode
|
||||
| foo | Bar | foo.ts:3:1:5:1 | use (instance (member Bar (member exports (module foo)))) |
|
||||
| foo | Bar | foo.ts:3:12:3:12 | use (instance (member Bar (member exports (module foo)))) |
|
||||
| foo | Bar | foo.ts:3:1:5:1 | use moduleImport("foo").getMember("exports").getMember("Bar").getInstance() |
|
||||
| foo | Bar | foo.ts:3:12:3:12 | use moduleImport("foo").getMember("exports").getMember("Bar").getInstance() |
|
||||
#select
|
||||
| foo.ts:3:12:3:12 | x | foo.Bar in unknown scope |
|
||||
| foo.ts:4:10:4:10 | x | foo.Bar in unknown scope |
|
||||
|
||||
@@ -25,208 +25,208 @@ sqlString
|
||||
| tst.js:166:43:166:63 | 'col DE ... S LAST' |
|
||||
| tst.js:178:14:178:24 | 'count > ?' |
|
||||
knexLibrary
|
||||
| file://:0:0:0:0 | use (member exports (module knex)) |
|
||||
| file://:0:0:0:0 | use moduleImport("knex").getMember("exports") |
|
||||
knexObject
|
||||
| tst.js:3:14:3:30 | use (return (member exports (module knex))) |
|
||||
| tst.js:5:1:5:32 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:5:1:9:4 | use (return (member select (return (return (member exports (module knex)))))) |
|
||||
| tst.js:5:1:10:52 | use (return (member whereRaw (return (member select (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:12:1:12:48 | use (return (member withUserParams (return (member exports (module knex))))) |
|
||||
| tst.js:12:1:12:59 | use (return (member table (return (member withUserParams (return (member exports (module knex))))))) |
|
||||
| tst.js:12:1:12:71 | use (return (member select (return (member table (return (member withUserParams (return (member exports (module knex))))))))) |
|
||||
| tst.js:14:1:14:13 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:14:1:14:27 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:14:1:14:41 | use (return (member timeout (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:15:1:15:38 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:15:1:15:52 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:17:1:17:23 | use (return (member avg (return (member exports (module knex))))) |
|
||||
| tst.js:17:1:19:4 | use (return (member from (return (member avg (return (member exports (module knex))))))) |
|
||||
| tst.js:17:1:19:24 | use (return (member as (return (member from (return (member avg (return (member exports (module knex))))))))) |
|
||||
| tst.js:17:30:17:29 | use (receiver (parameter 0 (member from (return (member avg (return (member exports (module knex)))))))) |
|
||||
| tst.js:18:5:18:38 | use (return (member sum (receiver (parameter 0 (member from (return (member avg (return (member exports (module knex)))))))))) |
|
||||
| tst.js:18:5:18:49 | use (return (member from (return (member sum (receiver (parameter 0 (member from (return (member avg (return (member exports (module knex)))))))))))) |
|
||||
| tst.js:18:5:18:68 | use (return (member groupBy (return (member from (return (member sum (receiver (parameter 0 (member from (return (member avg (return (member exports (module knex)))))))))))))) |
|
||||
| tst.js:18:5:18:77 | use (return (member as (return (member groupBy (return (member from (return (member sum (receiver (parameter 0 (member from (return (member avg (return (member exports (module knex)))))))))))))))) |
|
||||
| tst.js:21:1:21:38 | use (return (member column (return (member exports (module knex))))) |
|
||||
| tst.js:21:1:21:47 | use (return (member select (return (member column (return (member exports (module knex))))))) |
|
||||
| tst.js:21:1:21:61 | use (return (member from (return (member select (return (member column (return (member exports (module knex))))))))) |
|
||||
| tst.js:23:1:23:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:23:1:23:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:25:1:25:85 | use (return (member with (return (member exports (module knex))))) |
|
||||
| tst.js:25:1:25:97 | use (return (member select (return (member with (return (member exports (module knex))))))) |
|
||||
| tst.js:25:1:25:116 | use (return (member from (return (member select (return (member with (return (member exports (module knex))))))))) |
|
||||
| tst.js:25:25:25:84 | use (return (member raw (return (member exports (module knex))))) |
|
||||
| tst.js:27:1:31:4 | use (return (member withRecursive (return (member exports (module knex))))) |
|
||||
| tst.js:27:1:31:16 | use (return (member select (return (member withRecursive (return (member exports (module knex))))))) |
|
||||
| tst.js:27:1:31:34 | use (return (member from (return (member select (return (member withRecursive (return (member exports (module knex))))))))) |
|
||||
| tst.js:33:1:33:25 | use (return (member withSchema (return (member exports (module knex))))) |
|
||||
| tst.js:33:1:33:37 | use (return (member select (return (member withSchema (return (member exports (module knex))))))) |
|
||||
| tst.js:33:1:33:51 | use (return (member from (return (member select (return (member withSchema (return (member exports (module knex))))))))) |
|
||||
| tst.js:35:1:35:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:35:1:38:4 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:35:1:38:17 | use (return (member select (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:40:1:40:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:40:1:40:28 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:42:1:42:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:42:1:45:3 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:42:1:48:4 | use (return (member andWhere (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:46:13:46:12 | use (receiver (parameter 0 (member andWhere (return (member where (return (return (member exports (module knex))))))))) |
|
||||
| tst.js:47:5:47:29 | use (return (member where (receiver (parameter 0 (member andWhere (return (member where (return (return (member exports (module knex))))))))))) |
|
||||
| tst.js:50:1:50:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:50:1:52:2 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:50:1:52:28 | use (return (member orWhere (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:50:21:50:20 | use (receiver (parameter 0 (member where (return (return (member exports (module knex))))))) |
|
||||
| tst.js:51:3:51:21 | use (return (member where (receiver (parameter 0 (member where (return (return (member exports (module knex))))))))) |
|
||||
| tst.js:51:3:51:44 | use (return (member orWhere (return (member where (receiver (parameter 0 (member where (return (return (member exports (module knex))))))))))) |
|
||||
| tst.js:54:1:54:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:54:1:54:56 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:56:1:56:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:56:1:56:38 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:58:18:58:30 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:58:18:58:55 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:58:18:58:84 | use (return (member andWhere (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:58:18:58:108 | use (return (member orWhere (return (member andWhere (return (member where (return (return (member exports (module knex)))))))))) |
|
||||
| tst.js:58:18:58:121 | use (return (member select (return (member orWhere (return (member andWhere (return (member where (return (return (member exports (module knex)))))))))))) |
|
||||
| tst.js:59:1:59:16 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:59:1:59:44 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:61:1:61:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:61:1:61:28 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:61:1:61:64 | use (return (member orWhere (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:63:1:63:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:63:1:66:2 | use (return (member whereNot (return (return (member exports (module knex)))))) |
|
||||
| tst.js:63:1:66:15 | use (return (member select (return (member whereNot (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:68:1:68:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:68:1:68:31 | use (return (member whereNot (return (return (member exports (module knex)))))) |
|
||||
| tst.js:70:1:70:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:70:1:72:2 | use (return (member whereNot (return (return (member exports (module knex)))))) |
|
||||
| tst.js:70:1:72:31 | use (return (member orWhereNot (return (member whereNot (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:70:24:70:23 | use (receiver (parameter 0 (member whereNot (return (return (member exports (module knex))))))) |
|
||||
| tst.js:71:3:71:21 | use (return (member where (receiver (parameter 0 (member whereNot (return (return (member exports (module knex))))))))) |
|
||||
| tst.js:71:3:71:47 | use (return (member orWhereNot (return (member where (receiver (parameter 0 (member whereNot (return (return (member exports (module knex))))))))))) |
|
||||
| tst.js:74:19:74:31 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:74:19:75:30 | use (return (member whereNot (return (return (member exports (module knex)))))) |
|
||||
| tst.js:74:19:76:31 | use (return (member andWhere (return (member whereNot (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:74:19:77:26 | use (return (member orWhere (return (member andWhere (return (member whereNot (return (return (member exports (module knex)))))))))) |
|
||||
| tst.js:74:19:78:15 | use (return (member select (return (member orWhere (return (member andWhere (return (member whereNot (return (return (member exports (module knex)))))))))))) |
|
||||
| tst.js:80:1:80:16 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:80:1:80:49 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:82:1:82:19 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:82:1:82:33 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:82:1:83:27 | use (return (member whereIn (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:82:1:84:29 | use (return (member orWhereIn (return (member whereIn (return (member from (return (member select (return (member exports (module knex))))))))))) |
|
||||
| tst.js:86:1:86:19 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:86:1:86:33 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:86:1:89:4 | use (return (member whereIn (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:91:1:91:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:91:1:91:41 | use (return (member whereNotIn (return (return (member exports (module knex)))))) |
|
||||
| tst.js:93:1:93:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:93:1:93:45 | use (return (member where (return (return (member exports (module knex)))))) |
|
||||
| tst.js:93:1:93:75 | use (return (member orWhereNotIn (return (member where (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:95:1:95:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:95:1:95:37 | use (return (member whereNull (return (return (member exports (module knex)))))) |
|
||||
| tst.js:97:1:97:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:97:1:97:40 | use (return (member whereNotNull (return (return (member exports (module knex)))))) |
|
||||
| tst.js:99:1:99:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:99:1:101:2 | use (return (member whereExists (return (return (member exports (module knex)))))) |
|
||||
| tst.js:99:27:99:26 | use (receiver (parameter 0 (member whereExists (return (return (member exports (module knex))))))) |
|
||||
| tst.js:100:3:100:18 | use (return (member select (receiver (parameter 0 (member whereExists (return (return (member exports (module knex))))))))) |
|
||||
| tst.js:100:3:100:35 | use (return (member from (return (member select (receiver (parameter 0 (member whereExists (return (return (member exports (module knex))))))))))) |
|
||||
| tst.js:100:3:100:78 | use (return (member whereRaw (return (member from (return (member select (receiver (parameter 0 (member whereExists (return (return (member exports (module knex))))))))))))) |
|
||||
| tst.js:103:1:103:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:103:1:103:103 | use (return (member whereExists (return (return (member exports (module knex)))))) |
|
||||
| tst.js:103:27:103:42 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:103:27:103:59 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:103:27:103:102 | use (return (member whereRaw (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:105:1:105:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:105:1:107:2 | use (return (member whereNotExists (return (return (member exports (module knex)))))) |
|
||||
| tst.js:105:30:105:29 | use (receiver (parameter 0 (member whereNotExists (return (return (member exports (module knex))))))) |
|
||||
| tst.js:106:3:106:18 | use (return (member select (receiver (parameter 0 (member whereNotExists (return (return (member exports (module knex))))))))) |
|
||||
| tst.js:106:3:106:35 | use (return (member from (return (member select (receiver (parameter 0 (member whereNotExists (return (return (member exports (module knex))))))))))) |
|
||||
| tst.js:106:3:106:78 | use (return (member whereRaw (return (member from (return (member select (receiver (parameter 0 (member whereNotExists (return (return (member exports (module knex))))))))))))) |
|
||||
| tst.js:109:1:109:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:109:1:109:45 | use (return (member whereBetween (return (return (member exports (module knex)))))) |
|
||||
| tst.js:111:1:111:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:111:1:111:48 | use (return (member whereNotBetween (return (return (member exports (module knex)))))) |
|
||||
| tst.js:113:1:113:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:113:1:113:37 | use (return (member whereRaw (return (return (member exports (module knex)))))) |
|
||||
| tst.js:115:1:115:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:115:1:116:56 | use (return (member join (return (return (member exports (module knex)))))) |
|
||||
| tst.js:115:1:117:39 | use (return (member select (return (member join (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:119:1:119:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:119:1:120:51 | use (return (member join (return (return (member exports (module knex)))))) |
|
||||
| tst.js:119:1:121:39 | use (return (member select (return (member join (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:123:1:123:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:123:1:123:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:123:1:125:2 | use (return (member join (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:127:1:127:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:127:1:127:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:127:1:132:2 | use (return (member join (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:134:1:134:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:134:1:134:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:134:1:134:90 | use (return (member join (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:134:66:134:89 | use (return (member raw (return (member exports (module knex))))) |
|
||||
| tst.js:136:1:136:18 | use (return (member from (return (member exports (module knex))))) |
|
||||
| tst.js:136:1:136:72 | use (return (member innerJoin (return (member from (return (member exports (module knex))))))) |
|
||||
| tst.js:138:1:138:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:138:1:138:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:138:1:138:83 | use (return (member leftJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:140:1:140:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:140:1:140:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:140:1:140:88 | use (return (member leftOuterJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:142:1:142:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:142:1:142:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:142:1:142:84 | use (return (member rightJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:144:1:144:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:144:1:144:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:144:1:144:89 | use (return (member rightOuterJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:146:1:146:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:146:1:146:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:146:1:146:88 | use (return (member fullOuterJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:148:1:148:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:148:1:148:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:148:1:148:52 | use (return (member crossJoin (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:150:1:150:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:150:1:150:33 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:150:1:150:69 | use (return (member joinRaw (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:150:1:150:84 | use (return (member where (return (member joinRaw (return (member from (return (member select (return (member exports (module knex))))))))))) |
|
||||
| tst.js:152:1:152:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:152:1:152:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:152:1:154:2 | use (return (member join (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:156:1:156:28 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:156:1:156:42 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:156:1:156:63 | use (return (member where (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:156:1:156:79 | use (return (member clear (return (member where (return (member from (return (member select (return (member exports (module knex))))))))))) |
|
||||
| tst.js:156:1:156:94 | use (return (member clear (return (member clear (return (member where (return (member from (return (member select (return (member exports (module knex))))))))))))) |
|
||||
| tst.js:158:1:158:17 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:158:1:158:53 | use (return (member distinct (return (return (member exports (module knex)))))) |
|
||||
| tst.js:160:1:160:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:160:1:160:31 | use (return (member distinctOn (return (return (member exports (module knex)))))) |
|
||||
| tst.js:162:1:162:44 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:162:1:162:58 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:162:1:162:89 | use (return (member groupByRaw (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:162:21:162:43 | use (return (member raw (return (member exports (module knex))))) |
|
||||
| tst.js:164:1:164:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:164:1:164:30 | use (return (member orderBy (return (return (member exports (module knex)))))) |
|
||||
| tst.js:166:1:166:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:166:1:166:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:166:1:166:64 | use (return (member orderByRaw (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:168:1:168:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:168:1:169:19 | use (return (member groupBy (return (return (member exports (module knex)))))) |
|
||||
| tst.js:168:1:170:26 | use (return (member orderBy (return (member groupBy (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:168:1:171:28 | use (return (member having (return (member orderBy (return (member groupBy (return (return (member exports (module knex)))))))))) |
|
||||
| tst.js:173:1:173:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:173:1:173:30 | use (return (member from (return (member select (return (member exports (module knex))))))) |
|
||||
| tst.js:173:1:173:61 | use (return (member havingIn (return (member from (return (member select (return (member exports (module knex))))))))) |
|
||||
| tst.js:175:1:175:13 | use (return (return (member exports (module knex)))) |
|
||||
| tst.js:175:1:176:19 | use (return (member groupBy (return (return (member exports (module knex)))))) |
|
||||
| tst.js:175:1:177:26 | use (return (member orderBy (return (member groupBy (return (return (member exports (module knex)))))))) |
|
||||
| tst.js:175:1:178:32 | use (return (member havingRaw (return (member orderBy (return (member groupBy (return (return (member exports (module knex)))))))))) |
|
||||
| tst.js:180:1:180:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:181:1:181:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:182:1:182:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:183:1:183:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:184:1:184:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:185:1:185:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:186:1:186:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:187:1:187:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:188:1:188:16 | use (return (member select (return (member exports (module knex))))) |
|
||||
| tst.js:3:14:3:30 | use moduleImport("knex").getMember("exports").getReturn() |
|
||||
| tst.js:5:1:5:32 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:5:1:9:4 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("select").getReturn() |
|
||||
| tst.js:5:1:10:52 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("select").getReturn().getMember("whereRaw").getReturn() |
|
||||
| tst.js:12:1:12:48 | use moduleImport("knex").getMember("exports").getReturn().getMember("withUserParams").getReturn() |
|
||||
| tst.js:12:1:12:59 | use moduleImport("knex").getMember("exports").getReturn().getMember("withUserParams").getReturn().getMember("table").getReturn() |
|
||||
| tst.js:12:1:12:71 | use moduleImport("knex").getMember("exports").getReturn().getMember("withUserParams").getReturn().getMember("table").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:14:1:14:13 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:14:1:14:27 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:14:1:14:41 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("timeout").getReturn() |
|
||||
| tst.js:15:1:15:38 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:15:1:15:52 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:17:1:17:23 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn() |
|
||||
| tst.js:17:1:19:4 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:17:1:19:24 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getReturn().getMember("as").getReturn() |
|
||||
| tst.js:17:30:17:29 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getParameter(0).getReceiver() |
|
||||
| tst.js:18:5:18:38 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getParameter(0).getReceiver().getMember("sum").getReturn() |
|
||||
| tst.js:18:5:18:49 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getParameter(0).getReceiver().getMember("sum").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:18:5:18:68 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getParameter(0).getReceiver().getMember("sum").getReturn().getMember("from").getReturn().getMember("groupBy").getReturn() |
|
||||
| tst.js:18:5:18:77 | use moduleImport("knex").getMember("exports").getReturn().getMember("avg").getReturn().getMember("from").getParameter(0).getReceiver().getMember("sum").getReturn().getMember("from").getReturn().getMember("groupBy").getReturn().getMember("as").getReturn() |
|
||||
| tst.js:21:1:21:38 | use moduleImport("knex").getMember("exports").getReturn().getMember("column").getReturn() |
|
||||
| tst.js:21:1:21:47 | use moduleImport("knex").getMember("exports").getReturn().getMember("column").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:21:1:21:61 | use moduleImport("knex").getMember("exports").getReturn().getMember("column").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:23:1:23:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:23:1:23:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:25:1:25:85 | use moduleImport("knex").getMember("exports").getReturn().getMember("with").getReturn() |
|
||||
| tst.js:25:1:25:97 | use moduleImport("knex").getMember("exports").getReturn().getMember("with").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:25:1:25:116 | use moduleImport("knex").getMember("exports").getReturn().getMember("with").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:25:25:25:84 | use moduleImport("knex").getMember("exports").getReturn().getMember("raw").getReturn() |
|
||||
| tst.js:27:1:31:4 | use moduleImport("knex").getMember("exports").getReturn().getMember("withRecursive").getReturn() |
|
||||
| tst.js:27:1:31:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("withRecursive").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:27:1:31:34 | use moduleImport("knex").getMember("exports").getReturn().getMember("withRecursive").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:33:1:33:25 | use moduleImport("knex").getMember("exports").getReturn().getMember("withSchema").getReturn() |
|
||||
| tst.js:33:1:33:37 | use moduleImport("knex").getMember("exports").getReturn().getMember("withSchema").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:33:1:33:51 | use moduleImport("knex").getMember("exports").getReturn().getMember("withSchema").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:35:1:35:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:35:1:38:4 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:35:1:38:17 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:40:1:40:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:40:1:40:28 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:42:1:42:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:42:1:45:3 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:42:1:48:4 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getReturn() |
|
||||
| tst.js:46:13:46:12 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getParameter(0).getReceiver() |
|
||||
| tst.js:47:5:47:29 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getParameter(0).getReceiver().getMember("where").getReturn() |
|
||||
| tst.js:50:1:50:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:50:1:52:2 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:50:1:52:28 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("orWhere").getReturn() |
|
||||
| tst.js:50:21:50:20 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getParameter(0).getReceiver() |
|
||||
| tst.js:51:3:51:21 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getParameter(0).getReceiver().getMember("where").getReturn() |
|
||||
| tst.js:51:3:51:44 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getParameter(0).getReceiver().getMember("where").getReturn().getMember("orWhere").getReturn() |
|
||||
| tst.js:54:1:54:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:54:1:54:56 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:56:1:56:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:56:1:56:38 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:58:18:58:30 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:58:18:58:55 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:58:18:58:84 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getReturn() |
|
||||
| tst.js:58:18:58:108 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getReturn().getMember("orWhere").getReturn() |
|
||||
| tst.js:58:18:58:121 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("andWhere").getReturn().getMember("orWhere").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:59:1:59:16 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:59:1:59:44 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:61:1:61:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:61:1:61:28 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:61:1:61:64 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("orWhere").getReturn() |
|
||||
| tst.js:63:1:63:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:63:1:66:2 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn() |
|
||||
| tst.js:63:1:66:15 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:68:1:68:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:68:1:68:31 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn() |
|
||||
| tst.js:70:1:70:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:70:1:72:2 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn() |
|
||||
| tst.js:70:1:72:31 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn().getMember("orWhereNot").getReturn() |
|
||||
| tst.js:70:24:70:23 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getParameter(0).getReceiver() |
|
||||
| tst.js:71:3:71:21 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getParameter(0).getReceiver().getMember("where").getReturn() |
|
||||
| tst.js:71:3:71:47 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getParameter(0).getReceiver().getMember("where").getReturn().getMember("orWhereNot").getReturn() |
|
||||
| tst.js:74:19:74:31 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:74:19:75:30 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn() |
|
||||
| tst.js:74:19:76:31 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn().getMember("andWhere").getReturn() |
|
||||
| tst.js:74:19:77:26 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn().getMember("andWhere").getReturn().getMember("orWhere").getReturn() |
|
||||
| tst.js:74:19:78:15 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNot").getReturn().getMember("andWhere").getReturn().getMember("orWhere").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:80:1:80:16 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:80:1:80:49 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:82:1:82:19 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:82:1:82:33 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:82:1:83:27 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("whereIn").getReturn() |
|
||||
| tst.js:82:1:84:29 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("whereIn").getReturn().getMember("orWhereIn").getReturn() |
|
||||
| tst.js:86:1:86:19 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:86:1:86:33 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:86:1:89:4 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("whereIn").getReturn() |
|
||||
| tst.js:91:1:91:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:91:1:91:41 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotIn").getReturn() |
|
||||
| tst.js:93:1:93:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:93:1:93:45 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn() |
|
||||
| tst.js:93:1:93:75 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("where").getReturn().getMember("orWhereNotIn").getReturn() |
|
||||
| tst.js:95:1:95:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:95:1:95:37 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNull").getReturn() |
|
||||
| tst.js:97:1:97:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:97:1:97:40 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotNull").getReturn() |
|
||||
| tst.js:99:1:99:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:99:1:101:2 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getReturn() |
|
||||
| tst.js:99:27:99:26 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getParameter(0).getReceiver() |
|
||||
| tst.js:100:3:100:18 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getParameter(0).getReceiver().getMember("select").getReturn() |
|
||||
| tst.js:100:3:100:35 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getParameter(0).getReceiver().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:100:3:100:78 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getParameter(0).getReceiver().getMember("select").getReturn().getMember("from").getReturn().getMember("whereRaw").getReturn() |
|
||||
| tst.js:103:1:103:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:103:1:103:103 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereExists").getReturn() |
|
||||
| tst.js:103:27:103:42 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:103:27:103:59 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:103:27:103:102 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("whereRaw").getReturn() |
|
||||
| tst.js:105:1:105:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:105:1:107:2 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotExists").getReturn() |
|
||||
| tst.js:105:30:105:29 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotExists").getParameter(0).getReceiver() |
|
||||
| tst.js:106:3:106:18 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotExists").getParameter(0).getReceiver().getMember("select").getReturn() |
|
||||
| tst.js:106:3:106:35 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotExists").getParameter(0).getReceiver().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:106:3:106:78 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotExists").getParameter(0).getReceiver().getMember("select").getReturn().getMember("from").getReturn().getMember("whereRaw").getReturn() |
|
||||
| tst.js:109:1:109:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:109:1:109:45 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereBetween").getReturn() |
|
||||
| tst.js:111:1:111:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:111:1:111:48 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereNotBetween").getReturn() |
|
||||
| tst.js:113:1:113:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:113:1:113:37 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("whereRaw").getReturn() |
|
||||
| tst.js:115:1:115:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:115:1:116:56 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("join").getReturn() |
|
||||
| tst.js:115:1:117:39 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("join").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:119:1:119:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:119:1:120:51 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("join").getReturn() |
|
||||
| tst.js:119:1:121:39 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("join").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:123:1:123:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:123:1:123:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:123:1:125:2 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("join").getReturn() |
|
||||
| tst.js:127:1:127:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:127:1:127:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:127:1:132:2 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("join").getReturn() |
|
||||
| tst.js:134:1:134:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:134:1:134:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:134:1:134:90 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("join").getReturn() |
|
||||
| tst.js:134:66:134:89 | use moduleImport("knex").getMember("exports").getReturn().getMember("raw").getReturn() |
|
||||
| tst.js:136:1:136:18 | use moduleImport("knex").getMember("exports").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:136:1:136:72 | use moduleImport("knex").getMember("exports").getReturn().getMember("from").getReturn().getMember("innerJoin").getReturn() |
|
||||
| tst.js:138:1:138:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:138:1:138:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:138:1:138:83 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("leftJoin").getReturn() |
|
||||
| tst.js:140:1:140:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:140:1:140:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:140:1:140:88 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("leftOuterJoin").getReturn() |
|
||||
| tst.js:142:1:142:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:142:1:142:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:142:1:142:84 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("rightJoin").getReturn() |
|
||||
| tst.js:144:1:144:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:144:1:144:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:144:1:144:89 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("rightOuterJoin").getReturn() |
|
||||
| tst.js:146:1:146:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:146:1:146:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:146:1:146:88 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("fullOuterJoin").getReturn() |
|
||||
| tst.js:148:1:148:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:148:1:148:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:148:1:148:52 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("crossJoin").getReturn() |
|
||||
| tst.js:150:1:150:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:150:1:150:33 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:150:1:150:69 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("joinRaw").getReturn() |
|
||||
| tst.js:150:1:150:84 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("joinRaw").getReturn().getMember("where").getReturn() |
|
||||
| tst.js:152:1:152:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:152:1:152:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:152:1:154:2 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("join").getReturn() |
|
||||
| tst.js:156:1:156:28 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:156:1:156:42 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:156:1:156:63 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("where").getReturn() |
|
||||
| tst.js:156:1:156:79 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("where").getReturn().getMember("clear").getReturn() |
|
||||
| tst.js:156:1:156:94 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("where").getReturn().getMember("clear").getReturn().getMember("clear").getReturn() |
|
||||
| tst.js:158:1:158:17 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:158:1:158:53 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("distinct").getReturn() |
|
||||
| tst.js:160:1:160:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:160:1:160:31 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("distinctOn").getReturn() |
|
||||
| tst.js:162:1:162:44 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:162:1:162:58 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:162:1:162:89 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("groupByRaw").getReturn() |
|
||||
| tst.js:162:21:162:43 | use moduleImport("knex").getMember("exports").getReturn().getMember("raw").getReturn() |
|
||||
| tst.js:164:1:164:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:164:1:164:30 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("orderBy").getReturn() |
|
||||
| tst.js:166:1:166:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:166:1:166:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:166:1:166:64 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("orderByRaw").getReturn() |
|
||||
| tst.js:168:1:168:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:168:1:169:19 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn() |
|
||||
| tst.js:168:1:170:26 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn().getMember("orderBy").getReturn() |
|
||||
| tst.js:168:1:171:28 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn().getMember("orderBy").getReturn().getMember("having").getReturn() |
|
||||
| tst.js:173:1:173:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:173:1:173:30 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn() |
|
||||
| tst.js:173:1:173:61 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn().getMember("from").getReturn().getMember("havingIn").getReturn() |
|
||||
| tst.js:175:1:175:13 | use moduleImport("knex").getMember("exports").getReturn().getReturn() |
|
||||
| tst.js:175:1:176:19 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn() |
|
||||
| tst.js:175:1:177:26 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn().getMember("orderBy").getReturn() |
|
||||
| tst.js:175:1:178:32 | use moduleImport("knex").getMember("exports").getReturn().getReturn().getMember("groupBy").getReturn().getMember("orderBy").getReturn().getMember("havingRaw").getReturn() |
|
||||
| tst.js:180:1:180:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:181:1:181:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:182:1:182:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:183:1:183:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:184:1:184:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:185:1:185:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:186:1:186:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:187:1:187:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
| tst.js:188:1:188:16 | use moduleImport("knex").getMember("exports").getReturn().getMember("select").getReturn() |
|
||||
|
||||
@@ -123,11 +123,11 @@ getAffectedStateAccessPath
|
||||
| react-redux.jsx:61:13:61:25 | manualReducer | manual |
|
||||
| trivial.js:130:14:130:46 | wrapper ... state) | wrapped |
|
||||
getADispatchFunctionNode
|
||||
| react-redux.jsx:65:20:65:32 | use (return (member useDispatch (member exports (module react-redux)))) |
|
||||
| react-redux.jsx:65:20:65:32 | use moduleImport("react-redux").getMember("exports").getMember("useDispatch").getReturn() |
|
||||
getADispatchedValueNode
|
||||
| react-redux.jsx:27:12:30:5 | def (return (member manualAction (parameter 1 (react-redux-connect)))) |
|
||||
| react-redux.jsx:69:18:69:39 | def (parameter 0 (return (member useDispatch (member exports (module react-redux))))) |
|
||||
| react-redux.jsx:70:18:70:38 | def (parameter 0 (return (member useDispatch (member exports (module react-redux))))) |
|
||||
| react-redux.jsx:27:12:30:5 | def getASuccessor(Label::entryPoint("react-redux-connect")).getParameter(1).getMember("manualAction").getReturn() |
|
||||
| react-redux.jsx:69:18:69:39 | def moduleImport("react-redux").getMember("exports").getMember("useDispatch").getReturn().getParameter(0) |
|
||||
| react-redux.jsx:70:18:70:38 | def moduleImport("react-redux").getMember("exports").getMember("useDispatch").getReturn().getParameter(0) |
|
||||
getAnUntypedActionInReducer
|
||||
| exportedReducer.js:12:20:12:25 | action |
|
||||
| react-redux.jsx:32:31:32:36 | action |
|
||||
|
||||
@@ -88,6 +88,12 @@ nodes
|
||||
| lib.js:92:3:92:12 | maybeProto |
|
||||
| lib.js:95:3:95:12 | maybeProto |
|
||||
| lib.js:95:3:95:12 | maybeProto |
|
||||
| lib.js:104:7:104:24 | one |
|
||||
| lib.js:104:13:104:24 | arguments[1] |
|
||||
| lib.js:104:13:104:24 | arguments[1] |
|
||||
| lib.js:108:3:108:10 | obj[one] |
|
||||
| lib.js:108:3:108:10 | obj[one] |
|
||||
| lib.js:108:7:108:9 | one |
|
||||
| tst.js:5:9:5:38 | taint |
|
||||
| tst.js:5:17:5:38 | String( ... y.data) |
|
||||
| tst.js:5:24:5:37 | req.query.data |
|
||||
@@ -219,6 +225,11 @@ edges
|
||||
| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto |
|
||||
| lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto |
|
||||
| lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] |
|
||||
| lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one |
|
||||
| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one |
|
||||
| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one |
|
||||
| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] |
|
||||
| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] |
|
||||
| tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint |
|
||||
| tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint |
|
||||
| tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint |
|
||||
@@ -272,6 +283,7 @@ edges
|
||||
| lib.js:42:3:42:14 | obj[path[0]] | lib.js:40:14:40:20 | args[1] | lib.js:42:3:42:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:40:14:40:20 | args[1] | library input |
|
||||
| lib.js:70:13:70:24 | obj[path[0]] | lib.js:59:18:59:18 | s | lib.js:70:13:70:24 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:59:18:59:18 | s | library input |
|
||||
| lib.js:87:10:87:14 | proto | lib.js:83:14:83:25 | arguments[1] | lib.js:87:10:87:14 | proto | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:83:14:83:25 | arguments[1] | library input |
|
||||
| lib.js:108:3:108:10 | obj[one] | lib.js:104:13:104:24 | arguments[1] | lib.js:108:3:108:10 | obj[one] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:104:13:104:24 | arguments[1] | library input |
|
||||
| tst.js:8:5:8:17 | object[taint] | tst.js:5:24:5:37 | req.query.data | tst.js:8:5:8:17 | object[taint] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | tst.js:5:24:5:37 | req.query.data | user controlled input |
|
||||
| tst.js:9:5:9:17 | object[taint] | tst.js:5:24:5:37 | req.query.data | tst.js:9:5:9:17 | object[taint] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | tst.js:5:24:5:37 | req.query.data | user controlled input |
|
||||
| tst.js:14:5:14:32 | unsafeG ... taint) | tst.js:5:24:5:37 | req.query.data | tst.js:14:5:14:32 | unsafeG ... taint) | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | tst.js:5:24:5:37 | req.query.data | user controlled input |
|
||||
|
||||
@@ -93,4 +93,22 @@ module.exports.fixedProp = function (obj, path, value) {
|
||||
|
||||
var i = 0;
|
||||
maybeProto[i + 2] = value; // OK - number properties are OK.
|
||||
}
|
||||
}
|
||||
|
||||
function isPossibilityOfPrototypePollution(key) {
|
||||
return (key === '__proto__' || key === 'constructor');
|
||||
}
|
||||
|
||||
module.exports.sanWithFcuntion = function() {
|
||||
var obj = arguments[0];
|
||||
var one = arguments[1];
|
||||
var two = arguments[2];
|
||||
var value = arguments[3];
|
||||
|
||||
obj[one][two] = value; // NOT OK
|
||||
|
||||
if (isPossibilityOfPrototypePollution(one) || isPossibilityOfPrototypePollution(two)) {
|
||||
throw new Error('Prototype pollution is not allowed');
|
||||
}
|
||||
obj[one][two] = value; // OK
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user