hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix callback check so it works without parameters

Browse Source
This commit is contained in:
Asger F
2024-11-21 09:23:38 +01:00
parent b7dd455aff
commit dcdb2e5133
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll
View File

@@ -8,6 +8,17 @@ private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
private import semmle.javascript.dataflow.FlowSummary
private import semmle.javascript.internal.flow_summaries.Promises
private predicate isCallback(DataFlow::SourceNode node) {
node instanceof DataFlow::FunctionNode
or
node instanceof DataFlow::PartialInvokeNode
or
exists(DataFlow::SourceNode prev |
isCallback(prev) and
DataFlow::argumentPassingStep(_, prev.getALocalUse(), _, node)
)
}
/**
* Summary that propagates exceptions out of callbacks back to the caller.
*/
@@ -21,7 +32,7 @@ private class ExceptionFlowSummary extends SummarizedCallable {
["then", "catch", "finally", "addEventListener", EventEmitter::on()] and
not result = promiseConstructorRef().getAnInvocation() and
// Restrict to cases where a callback is known to flow in, as lambda flow in DataFlowImplCommon blows up otherwise
exists(result.getABoundCallbackParameter(_, _))
isCallback(result.getAnArgument().getALocalSource())
}
override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {