JS: Restrict class values flowing through globals

2025-12-18 09:43:15 +01:00 · 2019-09-08 15:32:48 +01:00
parent dbfd0ae03b
commit d3f587c12a
2 changed files with 6 additions and 2 deletions
--- a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -674,7 +674,12 @@ class ClassNode extends DataFlow::SourceNode {
   */
  DataFlow::SourceNode getAClassReference(DataFlow::TypeTracker t) {
    t.start() and
-    result.(AnalyzedNode).getAValue() = getAbstractClassValue()
+    result.(AnalyzedNode).getAValue() = getAbstractClassValue() and
+    (
+      not CallGraph::isIndefiniteGlobal(result)
+      or
+      result.getAstNode().getFile() = this.getAstNode().getFile()
+    )
    or
    exists(DataFlow::TypeTracker t2 | result = getAClassReference(t2).track(t2, t))
  }