hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ensure Member tokens from flow summaries are seen in PropertyName

Browse Source
This commit is contained in:
Asger F
2024-06-27 10:22:14 +02:00
parent c52a4b0621
commit df0488a470
2 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll
View File

@@ -1,5 +1,7 @@
private import javascript
private import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels
private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate
private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax
module Private {
import Public
@@ -15,6 +17,15 @@ module Private {
/** Gets the largest array index should be propagated precisely through flow summaries. */
int getAPreciseArrayIndex() { result = [0 .. getMaxPreciseArrayIndex()] }
/**
* Holds if a MaD access path token of form `name[arg]` exists.
*/
predicate isAccessPathTokenPresent(string name, string arg) {
arg = any(FlowSummaryPrivate::AccessPathToken tok).getAnArgument(name)
or
arg = any(ApiGraphModels::AccessPathToken tok).getAnArgument(name)
}
/**
* Holds if values associated with `key` should be tracked as a individual contents of a `Map` object.
*/
@@ -25,10 +36,7 @@ module Private {
call.getArgument(0).getStringValue() = key
)
or
exists(ApiGraphModels::AccessPathToken token |
token.getName() = "MapValue" and
token.getAnArgument() = key
)
isAccessPathTokenPresent("MapValue", key)
}
/**
@@ -47,9 +55,7 @@ module Private {
or
this = getAPreciseArrayIndex().toString()
or
exists(ApiGraphModels::AccessPathToken tok |
tok.getName() = "Member" and this = tok.getAnArgument()
)
isAccessPathTokenPresent("Member", this)
}
/** Gets the array index corresponding to this property name. */

4
javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
View File

@@ -141,6 +141,10 @@ module Steps = Private::Steps<FlowSummaryStepInput>;
module RenderSummarizedCallable = Private::RenderSummarizedCallable<FlowSummaryStepInput>;
class AccessPath = Private::AccessPath;
class AccessPathToken = Private::AccessPathToken;
/**
* Gets the textual representation of return kind `rk` used in MaD.
*