mirror of
https://github.com/github/codeql.git
synced 2026-04-30 19:26:02 +02:00
Merge pull request #6934 from erik-krogh/more-instanceof
Approved by MathiasVP, esbena, yoff
This commit is contained in:
CodeQL CI
@@ -63,29 +63,25 @@ module DOM {
|
||||
/**
|
||||
* An HTML element, viewed as an `ElementDefinition`.
|
||||
*/
|
||||
private class HtmlElementDefinition extends ElementDefinition, @xmlelement {
|
||||
HtmlElementDefinition() { this instanceof HTML::Element }
|
||||
|
||||
override string getName() { result = this.(HTML::Element).getName() }
|
||||
private class HtmlElementDefinition extends ElementDefinition, @xmlelement instanceof HTML::Element {
|
||||
override string getName() { result = HTML::Element.super.getName() }
|
||||
|
||||
override AttributeDefinition getAttribute(int i) {
|
||||
result = this.(HTML::Element).getAttribute(i)
|
||||
result = HTML::Element.super.getAttribute(i)
|
||||
}
|
||||
|
||||
override ElementDefinition getParent() { result = this.(HTML::Element).getParent() }
|
||||
override ElementDefinition getParent() { result = HTML::Element.super.getParent() }
|
||||
}
|
||||
|
||||
/**
|
||||
* A JSX element, viewed as an `ElementDefinition`.
|
||||
*/
|
||||
private class JsxElementDefinition extends ElementDefinition, @jsx_element {
|
||||
JsxElementDefinition() { this instanceof JSXElement }
|
||||
private class JsxElementDefinition extends ElementDefinition, @jsx_element instanceof JSXElement {
|
||||
override string getName() { result = JSXElement.super.getName() }
|
||||
|
||||
override string getName() { result = this.(JSXElement).getName() }
|
||||
override AttributeDefinition getAttribute(int i) { result = JSXElement.super.getAttribute(i) }
|
||||
|
||||
override AttributeDefinition getAttribute(int i) { result = this.(JSXElement).getAttribute(i) }
|
||||
|
||||
override ElementDefinition getParent() { result = this.(JSXElement).getJsxParent() }
|
||||
override ElementDefinition getParent() { result = super.getJsxParent() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -131,14 +127,12 @@ module DOM {
|
||||
/**
|
||||
* An HTML attribute, viewed as an `AttributeDefinition`.
|
||||
*/
|
||||
private class HtmlAttributeDefinition extends AttributeDefinition, @xmlattribute {
|
||||
HtmlAttributeDefinition() { this instanceof HTML::Attribute }
|
||||
private class HtmlAttributeDefinition extends AttributeDefinition, @xmlattribute instanceof HTML::Attribute {
|
||||
override string getName() { result = HTML::Attribute.super.getName() }
|
||||
|
||||
override string getName() { result = this.(HTML::Attribute).getName() }
|
||||
override string getStringValue() { result = super.getValue() }
|
||||
|
||||
override string getStringValue() { result = this.(HTML::Attribute).getValue() }
|
||||
|
||||
override ElementDefinition getElement() { result = this.(HTML::Attribute).getElement() }
|
||||
override ElementDefinition getElement() { result = HTML::Attribute.super.getElement() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -61,17 +61,15 @@ class ParameterNode extends DataFlow::SourceNode {
|
||||
* new Array(16)
|
||||
* ```
|
||||
*/
|
||||
class InvokeNode extends DataFlow::SourceNode {
|
||||
InvokeNode() { this instanceof DataFlow::Impl::InvokeNodeDef }
|
||||
|
||||
class InvokeNode extends DataFlow::SourceNode instanceof DataFlow::Impl::InvokeNodeDef {
|
||||
/** Gets the syntactic invoke expression underlying this function invocation. */
|
||||
InvokeExpr getInvokeExpr() { result = this.(DataFlow::Impl::InvokeNodeDef).getInvokeExpr() }
|
||||
InvokeExpr getInvokeExpr() { result = super.getInvokeExpr() }
|
||||
|
||||
/** Gets the name of the function or method being invoked, if it can be determined. */
|
||||
string getCalleeName() { result = this.(DataFlow::Impl::InvokeNodeDef).getCalleeName() }
|
||||
string getCalleeName() { result = super.getCalleeName() }
|
||||
|
||||
/** Gets the data flow node specifying the function to be called. */
|
||||
DataFlow::Node getCalleeNode() { result = this.(DataFlow::Impl::InvokeNodeDef).getCalleeNode() }
|
||||
DataFlow::Node getCalleeNode() { result = super.getCalleeNode() }
|
||||
|
||||
/**
|
||||
* Gets the data flow node corresponding to the `i`th argument of this invocation.
|
||||
@@ -92,10 +90,10 @@ class InvokeNode extends DataFlow::SourceNode {
|
||||
* but the position of `z` cannot be determined, hence there are no first and second
|
||||
* argument nodes.
|
||||
*/
|
||||
DataFlow::Node getArgument(int i) { result = this.(DataFlow::Impl::InvokeNodeDef).getArgument(i) }
|
||||
DataFlow::Node getArgument(int i) { result = super.getArgument(i) }
|
||||
|
||||
/** Gets the data flow node corresponding to an argument of this invocation. */
|
||||
DataFlow::Node getAnArgument() { result = this.(DataFlow::Impl::InvokeNodeDef).getAnArgument() }
|
||||
DataFlow::Node getAnArgument() { result = super.getAnArgument() }
|
||||
|
||||
/** Gets the data flow node corresponding to the last argument of this invocation. */
|
||||
DataFlow::Node getLastArgument() { result = getArgument(getNumArgument() - 1) }
|
||||
@@ -112,12 +110,10 @@ class InvokeNode extends DataFlow::SourceNode {
|
||||
* ```
|
||||
* .
|
||||
*/
|
||||
DataFlow::Node getASpreadArgument() {
|
||||
result = this.(DataFlow::Impl::InvokeNodeDef).getASpreadArgument()
|
||||
}
|
||||
DataFlow::Node getASpreadArgument() { result = super.getASpreadArgument() }
|
||||
|
||||
/** Gets the number of arguments of this invocation, if it can be determined. */
|
||||
int getNumArgument() { result = this.(DataFlow::Impl::InvokeNodeDef).getNumArgument() }
|
||||
int getNumArgument() { result = super.getNumArgument() }
|
||||
|
||||
Function getEnclosingFunction() { result = getBasicBlock().getContainer() }
|
||||
|
||||
@@ -258,15 +254,13 @@ class InvokeNode extends DataFlow::SourceNode {
|
||||
* Math.abs(x)
|
||||
* ```
|
||||
*/
|
||||
class CallNode extends InvokeNode {
|
||||
CallNode() { this instanceof DataFlow::Impl::CallNodeDef }
|
||||
|
||||
class CallNode extends InvokeNode instanceof DataFlow::Impl::CallNodeDef {
|
||||
/**
|
||||
* Gets the data flow node corresponding to the receiver expression of this method call.
|
||||
*
|
||||
* For example, the receiver of `x.m()` is `x`.
|
||||
*/
|
||||
DataFlow::Node getReceiver() { result = this.(DataFlow::Impl::CallNodeDef).getReceiver() }
|
||||
DataFlow::Node getReceiver() { result = super.getReceiver() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -279,11 +273,9 @@ class CallNode extends InvokeNode {
|
||||
* Math.abs(x)
|
||||
* ```
|
||||
*/
|
||||
class MethodCallNode extends CallNode {
|
||||
MethodCallNode() { this instanceof DataFlow::Impl::MethodCallNodeDef }
|
||||
|
||||
class MethodCallNode extends CallNode instanceof DataFlow::Impl::MethodCallNodeDef {
|
||||
/** Gets the name of the invoked method, if it can be determined. */
|
||||
string getMethodName() { result = this.(DataFlow::Impl::MethodCallNodeDef).getMethodName() }
|
||||
string getMethodName() { result = super.getMethodName() }
|
||||
|
||||
/**
|
||||
* Holds if this data flow node calls method `methodName` on receiver node `receiver`.
|
||||
|
||||
@@ -53,21 +53,18 @@ abstract class RefinementCandidate extends Expr {
|
||||
* A refinement candidate that references at most one variable, and hence
|
||||
* can be used to refine the abstract values inferred for that variable.
|
||||
*/
|
||||
class Refinement extends Expr {
|
||||
Refinement() {
|
||||
this instanceof RefinementCandidate and
|
||||
count(this.(RefinementCandidate).getARefinedVar()) <= 1
|
||||
}
|
||||
class Refinement extends Expr instanceof RefinementCandidate {
|
||||
Refinement() { count(this.(RefinementCandidate).getARefinedVar()) <= 1 }
|
||||
|
||||
/**
|
||||
* Gets the variable refined by this expression, if any.
|
||||
*/
|
||||
SsaSourceVariable getRefinedVar() { result = this.(RefinementCandidate).getARefinedVar() }
|
||||
SsaSourceVariable getRefinedVar() { result = super.getARefinedVar() }
|
||||
|
||||
/**
|
||||
* Gets a refinement value inferred for this expression in context `ctxt`.
|
||||
*/
|
||||
RefinementValue eval(RefinementContext ctxt) { result = this.(RefinementCandidate).eval(ctxt) }
|
||||
RefinementValue eval(RefinementContext ctxt) { result = super.eval(ctxt) }
|
||||
}
|
||||
|
||||
/** A literal, viewed as a refinement expression. */
|
||||
|
||||
@@ -47,10 +47,8 @@ module PolynomialReDoS {
|
||||
* A remote input to a server, seen as a source for polynomial
|
||||
* regular expression denial-of-service vulnerabilities.
|
||||
*/
|
||||
class RequestInputAccessAsSource extends Source {
|
||||
RequestInputAccessAsSource() { this instanceof HTTP::RequestInputAccess }
|
||||
|
||||
override string getKind() { result = this.(HTTP::RequestInputAccess).getKind() }
|
||||
class RequestInputAccessAsSource extends Source instanceof HTTP::RequestInputAccess {
|
||||
override string getKind() { result = HTTP::RequestInputAccess.super.getKind() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -39,21 +39,17 @@ module LdapInjection {
|
||||
/**
|
||||
* An LDAP filter for an API call that executes an operation against the LDAP server.
|
||||
*/
|
||||
class LdapjsSearchFilterAsSink extends Sink {
|
||||
LdapjsSearchFilterAsSink() { this instanceof LdapjsSearchFilter }
|
||||
|
||||
class LdapjsSearchFilterAsSink extends Sink instanceof LdapjsSearchFilter {
|
||||
override DataFlow::InvokeNode getQueryCall() {
|
||||
result = this.(LdapjsSearchFilter).getQueryCall()
|
||||
result = LdapjsSearchFilter.super.getQueryCall()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* An LDAP DN argument for an API call that executes an operation against the LDAP server.
|
||||
*/
|
||||
class LdapjsDNArgumentAsSink extends Sink {
|
||||
LdapjsDNArgumentAsSink() { this instanceof LdapjsDNArgument }
|
||||
|
||||
override DataFlow::InvokeNode getQueryCall() { result = this.(LdapjsDNArgument).getQueryCall() }
|
||||
class LdapjsDNArgumentAsSink extends Sink instanceof LdapjsDNArgument {
|
||||
override DataFlow::InvokeNode getQueryCall() { result = LdapjsDNArgument.super.getQueryCall() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user