mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
JS: Update Nest model
An external contribution added more uses of the now-deprecated getType() predicate while this PR was open.
This commit is contained in:
Asger F
@@ -539,46 +539,32 @@ module NestJS {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
private DataFlow::Node getConcreteClassFromProviderTuple(DataFlow::SourceNode tuple) {
|
private DataFlow::ClassNode getConcreteClassFromProviderTuple(DataFlow::SourceNode tuple) {
|
||||||
result = tuple.getAPropertyWrite("useClass").getRhs()
|
result = tuple.getAPropertyWrite("useClass").getRhs().asExpr().getNameBinding().getClassNode()
|
||||||
or
|
or
|
||||||
exists(DataFlow::FunctionNode f |
|
exists(DataFlow::FunctionNode f |
|
||||||
f = tuple.getAPropertyWrite("useFactory").getRhs().getAFunctionValue() and
|
f = tuple.getAPropertyWrite("useFactory").getRhs().getAFunctionValue() and
|
||||||
result.getAstNode() = f.getFunction().getAReturnedExpr().getType().(ClassType).getClass()
|
result = f.getFunction().getAReturnedExpr().getTypeBinding().getAnUnderlyingClass()
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
result.getAstNode() =
|
result =
|
||||||
tuple.getAPropertyWrite("useValue").getRhs().asExpr().getType().(ClassType).getClass()
|
tuple.getAPropertyWrite("useValue").getRhs().asExpr().getTypeBinding().getAnUnderlyingClass()
|
||||||
}
|
}
|
||||||
|
|
||||||
private predicate providerPair(DataFlow::Node interface, DataFlow::Node concreteClass) {
|
private predicate providerPair(DataFlow::ClassNode interface, DataFlow::ClassNode concreteClass) {
|
||||||
exists(DataFlow::SourceNode tuple |
|
exists(DataFlow::SourceNode tuple |
|
||||||
tuple = providerTuple().getALocalSource() and
|
tuple = providerTuple().getALocalSource() and
|
||||||
interface = tuple.getAPropertyWrite("provide").getRhs() and
|
interface =
|
||||||
|
tuple.getAPropertyWrite("provide").getRhs().asExpr().getNameBinding().getClassNode() and
|
||||||
concreteClass = getConcreteClassFromProviderTuple(tuple)
|
concreteClass = getConcreteClassFromProviderTuple(tuple)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets the class being referenced at `node` without relying on the call graph. */
|
|
||||||
private DataFlow::ClassNode getClassFromNode(DataFlow::Node node) {
|
|
||||||
result = node.asExpr().getNameBinding().getClassNode()
|
|
||||||
}
|
|
||||||
|
|
||||||
private predicate providerClassPair(
|
|
||||||
DataFlow::ClassNode interface, DataFlow::ClassNode concreteClass
|
|
||||||
) {
|
|
||||||
exists(DataFlow::Node interfaceNode, DataFlow::Node concreteClassNode |
|
|
||||||
providerPair(interfaceNode, concreteClassNode) and
|
|
||||||
interface = getClassFromNode(interfaceNode) and
|
|
||||||
concreteClass = getClassFromNode(concreteClassNode)
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
private class DependencyInjectionStep extends PreCallGraphStep {
|
private class DependencyInjectionStep extends PreCallGraphStep {
|
||||||
override predicate classInstanceSource(DataFlow::ClassNode cls, DataFlow::Node node) {
|
override predicate classInstanceSource(DataFlow::ClassNode cls, DataFlow::Node node) {
|
||||||
exists(DataFlow::ClassNode interfaceClass |
|
exists(DataFlow::ClassNode interfaceClass |
|
||||||
node.asExpr().getTypeBinding().getTypeDefinition() = interfaceClass.getAstNode() and
|
node.asExpr().getTypeBinding().getTypeDefinition() = interfaceClass.getAstNode() and
|
||||||
providerClassPair(interfaceClass, cls)
|
providerPair(interfaceClass, cls)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user