add support for the replicator library

2026-04-28 18:25:24 +02:00 · 2021-06-24 11:20:38 +02:00
parent babf657d9d
commit d6300bced3
5 changed files with 9 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/JsonParsers.qll
+++ b/javascript/ql/src/semmle/javascript/JsonParsers.qll
@@ -27,6 +27,7 @@ private class PlainJsonParserCall extends JsonParserCall {
    exists(DataFlow::SourceNode callee | this = callee.getACall() |
      callee = DataFlow::globalVarRef("JSON").getAPropertyRead("parse") or
      callee = DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript"], "parse") or
+      callee = API::moduleImport("replicator").getInstance().getMember("decode").getAnImmediateUse() or
      callee = DataFlow::moduleImport("parse-json") or
      callee = DataFlow::moduleImport("json-parse-better-errors") or
      callee = DataFlow::moduleImport("json-safe-parse") or
--- a/javascript/ql/src/semmle/javascript/JsonStringifiers.qll
+++ b/javascript/ql/src/semmle/javascript/JsonStringifiers.qll
@@ -13,6 +13,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
      callee = DataFlow::globalVarRef("JSON").getAPropertyRead("stringify") or
      callee =
        DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript"], "stringify") or
+      callee = API::moduleImport("replicator").getInstance().getMember("encode").getAnImmediateUse() or
      callee =
        DataFlow::moduleImport([
            "json-stringify-safe", "json-stable-stringify", "stringify-object",
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -94,6 +94,7 @@ typeInferenceMismatch
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:24:8:24:43 | json5.s ... ource)) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:27:8:27:47 | flatted ... ource)) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:30:8:30:49 | telepor ... ource)) |
+| json-stringify.js:2:16:2:23 | source() | json-stringify.js:34:8:34:51 | replica ... ource)) |
 | json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) |
 | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x |
 | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y |
--- a/javascript/ql/test/library-tests/TaintTracking/json-stringify.js
+++ b/javascript/ql/test/library-tests/TaintTracking/json-stringify.js
@@ -28,4 +28,8 @@ function foo() {

  const teleport = require('teleport-javascript');
  sink(teleport.stringify(teleport.parse(source))); // NOT OK
+
+  const Replicator = require('replicator');
+  const replicator = new Replicator();
+  sink(replicator.encode(replicator.decode(source))); // NOT OK
 }