hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Disallow return steps in getASinkNode

Browse Source
This commit is contained in:
Asger F
2024-02-14 21:13:12 +01:00
parent 51bed86778
commit d96f29d6c2
1 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
javascript/ql/lib/semmle/javascript/endpoints/EndpointNaming.qll
View File

@@ -185,9 +185,24 @@ private predicate sinkHasAlias(API::Node sink, string package, string name) {
)
}
/** Gets a source node that can flow to `sink` without using a return step. */
private DataFlow::SourceNode nodeReachingSink(API::Node sink, DataFlow::TypeBackTracker t) {
t.start() and
result = sink.asSink().getALocalSource()
or
exists(DataFlow::TypeBackTracker t2 |
result = nodeReachingSink(sink, t2).backtrack(t2, t) and
t.hasReturn() = false
)
}
/** Gets a source node that can flow to `sink` without using a return step. */
DataFlow::SourceNode nodeReachingSink(API::Node sink) {
result = nodeReachingSink(sink, DataFlow::TypeBackTracker::end())
}
/** Gets a sink node reachable from `node`. */
bindingset[node]
private API::Node getASinkNode(DataFlow::SourceNode node) { result.getAValueReachingSink() = node }
private API::Node getASinkNode(DataFlow::SourceNode node) { node = nodeReachingSink(result) }
/**
* Holds if `node` is a declaration in an externs file.