add explicit this

2025-12-24 12:46:34 +01:00 · 2022-05-24 10:59:13 +02:00
parent d1ad08ecb5
commit d58fe8e193
4 changed files with 19 additions and 19 deletions
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -87,7 +87,7 @@ module TaintTracking {
    override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) {
      super.isLabeledBarrier(node, lbl)
      or
-      isSanitizer(node) and lbl.isTaint()
+      this.isSanitizer(node) and lbl.isTaint()
    }

    override predicate isBarrier(DataFlow::Node node) {
@@ -103,15 +103,15 @@ module TaintTracking {
    ) {
      super.isBarrierEdge(source, sink, lbl)
      or
-      isSanitizerEdge(source, sink, lbl)
+      this.isSanitizerEdge(source, sink, lbl)
      or
-      isSanitizerEdge(source, sink) and lbl.isTaint()
+      this.isSanitizerEdge(source, sink) and lbl.isTaint()
    }

    final override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) {
      super.isBarrierGuard(guard) or
      guard.(AdditionalSanitizerGuardNode).appliesTo(this) or
-      isSanitizerGuard(guard)
+      this.isSanitizerGuard(guard)
    }

    /**
@@ -121,14 +121,14 @@ module TaintTracking {
    predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { none() }

    final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      isAdditionalTaintStep(pred, succ) or
+      this.isAdditionalTaintStep(pred, succ) or
      sharedTaintStep(pred, succ)
    }

    final override predicate isAdditionalFlowStep(
      DataFlow::Node pred, DataFlow::Node succ, boolean valuePreserving
    ) {
-      isAdditionalFlowStep(pred, succ) and valuePreserving = false
+      this.isAdditionalFlowStep(pred, succ) and valuePreserving = false
    }

    override DataFlow::FlowLabel getDefaultSourceLabel() { result.isTaint() }
@@ -173,9 +173,9 @@ module TaintTracking {
    abstract predicate sanitizes(boolean outcome, Expr e);

    override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) {
-      sanitizes(outcome, e) and label.isTaint()
+      this.sanitizes(outcome, e) and label.isTaint()
      or
-      sanitizes(outcome, e, label)
+      this.sanitizes(outcome, e, label)
    }

    /**
@@ -1032,13 +1032,13 @@ module TaintTracking {
        name = "has" or
        name = "hasOwnProperty"
      |
-        getMethodName() = name
+        this.getMethodName() = name
      )
    }

    override predicate sanitizes(boolean outcome, Expr e) {
      outcome = true and
-      e = getArgument(0).asExpr()
+      e = this.getArgument(0).asExpr()
    }

    override predicate appliesTo(Configuration cfg) { any() }
@@ -1053,14 +1053,14 @@ module TaintTracking {
   */
  class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {
    AdHocWhitelistCheckSanitizer() {
-      getCalleeName()
+      this.getCalleeName()
          .regexpMatch("(?i).*((?<!un)safe|whitelist|(?<!in)valid|allow|(?<!un)auth(?!or\\b)).*") and
-      getNumArgument() = 1
+      this.getNumArgument() = 1
    }

    override predicate sanitizes(boolean outcome, Expr e) {
      outcome = true and
-      e = getArgument(0).asExpr()
+      e = this.getArgument(0).asExpr()
    }
  }

--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -24,7 +24,7 @@ class DangerousScheme extends string {
  string getWithoutColon() { this = result + ":" }

  /** Gets the name of this scheme, with or without the `:`. */
-  string getWithOrWithoutColon() { result = this or result = getWithoutColon() }
+  string getWithOrWithoutColon() { result = this or result = this.getWithoutColon() }
 }

 /** Returns a node that refers to the scheme of `url`. */
--- a/javascript/ql/test/ApiGraphs/VerifyAssertions.qll
+++ b/javascript/ql/test/ApiGraphs/VerifyAssertions.qll
@@ -84,8 +84,8 @@ class Assertion extends Comment {
  string tryExplainFailure() {
    exists(int i, API::Node nd, string prefix, string suffix |
      nd = this.lookup(i) and
-      i < getPathLength() and
-      not exists(this.lookup([i + 1 .. getPathLength()])) and
+      i < this.getPathLength() and
+      not exists(this.lookup([i + 1 .. this.getPathLength()])) and
      prefix = nd + " has no outgoing edge labelled " + this.getEdgeLabel(i) + ";" and
      if exists(nd.getASuccessor())
      then
--- a/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.ql
+++ b/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.ql
@@ -42,16 +42,16 @@ class AnnotatedCall extends DataFlow::Node {
  string getCallTargetName() { result = calls }

  AnnotatedFunction getAnExpectedCallee(string kind_) {
-    result.getCalleeName() = getCallTargetName() and
+    result.getCalleeName() = this.getCallTargetName() and
    kind = kind_
  }

  int getBoundArgs() { result = getAnnotation(this.getAstNode(), "boundArgs").toInt() }

  int getBoundArgsOrMinusOne() {
-    result = getBoundArgs()
+    result = this.getBoundArgs()
    or
-    not exists(getBoundArgs()) and
+    not exists(this.getBoundArgs()) and
    result = -1
  }