hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: generalize to include default imports

Browse Source
This commit is contained in:
Asger F
2019-02-13 18:03:57 +00:00
parent d532815efe
commit dfe3f254de
7 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
View File

@@ -39,7 +39,7 @@ module DataFlow {
not exists(SsaExplicitDefinition ssa | p = ssa.getDef())
} or
TDestructuredModuleImportNode(ImportDeclaration decl) {
decl.getASpecifier() instanceof NamedImportSpecifier
exists(decl.getASpecifier().getImportedName())
}
/**
@@ -346,10 +346,7 @@ module DataFlow {
}
/**
* A node referring to the module imported at a named ES2015 import declaration.
*
* Default imports and namespace imports do not fall into this category, as the
* SSA definition of the local variable is used as the source of the module instead.
* A node referring to the module imported at a named or default ES2015 import declaration.
*/
private class DestructuredModuleImportNode extends Node, TDestructuredModuleImportNode {
ImportDeclaration imprt;
@@ -687,13 +684,14 @@ module DataFlow {
/**
* A named import specifier seen as a property read on the imported module.
*/
private class NamedImportSpecifierAsPropRead extends PropRead {
private class ImportSpecifierAsPropRead extends PropRead {
ImportDeclaration imprt;
NamedImportSpecifier spec;
ImportSpecifier spec;
NamedImportSpecifierAsPropRead() {
ImportSpecifierAsPropRead() {
spec = imprt.getASpecifier() and
exists(spec.getImportedName()) and
exists(SsaExplicitDefinition ssa |
ssa.getDef() = spec and
this = TSsaDefNode(ssa)

1
javascript/ql/test/library-tests/InterProceduralFlow/TaintTracking.expected
View File

@@ -18,6 +18,7 @@
| global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) |
| global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) |
| nodeJsLib.js:1:15:1:23 | "tainted" | esClient.js:7:13:7:18 | nj.foo |
| nodeJsLib.js:1:15:1:23 | "tainted" | esClient.js:10:13:10:17 | njFoo |
| nodeJsLib.js:1:15:1:23 | "tainted" | nodeJsClient.js:4:13:4:18 | nj.foo |
| nodeJsLib.js:2:15:2:23 | "tainted" | esClient.js:7:13:7:18 | nj.foo |
| nodeJsLib.js:2:15:2:23 | "tainted" | esClient.js:10:13:10:17 | njFoo |

1
javascript/ql/test/library-tests/ModuleImportNodes/ModuleImportNode_getAPropertyRead.expected
View File

@@ -2,6 +2,7 @@
| amd2.js:2:12:2:24 | require('fs') | amd2.js:3:3:3:17 | fs.readFileSync |
| destructuringES6.js:1:1:1:41 | import ... ctron'; | destructuringES6.js:1:10:1:22 | BrowserWindow |
| destructuringRequire.js:1:27:1:45 | require('electron') | destructuringRequire.js:1:9:1:21 | BrowserWindow |
| instanceThroughDefaultImport.js:1:1:1:82 | import ... tance'; | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |
| moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:3:1:3:16 | mod.moduleMethod |
| moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:5:9:5:26 | mod.moduleFunction |
| moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:8:9:8:31 | mod.con ... unction |

1
javascript/ql/test/library-tests/ModuleImportNodes/ModuleImportNode_getPath.expected
View File

@@ -2,6 +2,7 @@
| amd2.js:2:12:2:24 | require('fs') | fs |
| destructuringES6.js:1:1:1:41 | import ... ctron'; | electron |
| destructuringRequire.js:1:27:1:45 | require('electron') | electron |
| instanceThroughDefaultImport.js:1:1:1:82 | import ... tance'; | myDefaultImportedModuleInstance |
| instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName | myDefaultImportedModuleInstance |
| instanceThroughNamespaceImport.js:1:8:1:49 | myNamespaceImportedModuleInstanceName | myNamespaceImportedModuleInstance |
| instanceThroughRequire.js:1:36:1:70 | require ... tance') | myRequiredModuleInstance |

1
javascript/ql/test/library-tests/ModuleImportNodes/moduleImport.expected
View File

@@ -3,6 +3,7 @@
| fs | amd1.js:1:25:1:26 | fs |
| fs | amd2.js:2:12:2:24 | require('fs') |
| mod | moduleUses.js:1:11:1:24 | require('mod') |
| myDefaultImportedModuleInstance | instanceThroughDefaultImport.js:1:1:1:82 | import ... tance'; |
| myDefaultImportedModuleInstance | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |
| myNamespaceImportedModuleInstance | instanceThroughNamespaceImport.js:1:8:1:49 | myNamespaceImportedModuleInstanceName |
| myRequiredModuleInstance | instanceThroughRequire.js:1:36:1:70 | require ... tance') |

1
javascript/ql/test/library-tests/ModuleImportNodes/moduleImportProp.expected
View File

@@ -6,3 +6,4 @@
| mod | moduleField | moduleUses.js:11:1:11:15 | mod.moduleField |
| mod | moduleFunction | moduleUses.js:5:9:5:26 | mod.moduleFunction |
| mod | moduleMethod | moduleUses.js:3:1:3:16 | mod.moduleMethod |
| myDefaultImportedModuleInstance | default | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |

2
javascript/ql/test/library-tests/Portals/PortalExit.expected
View File

@@ -1038,4 +1038,6 @@
| (return (root https://www.npmjs.com/package/m2)) | src/m3/tst3.js:4:1:4:11 | new A("me") | false |
| (return (root https://www.npmjs.com/package/m2)) | src/m3/tst3.js:5:1:5:11 | new A("me") | false |
| (root https://www.npmjs.com/package/m1) | src/m3/index.js:1:10:1:22 | require("m1") | false |
| (root https://www.npmjs.com/package/m2) | src/m3/tst2.js:1:1:1:25 | import ... m "m2"; | false |
| (root https://www.npmjs.com/package/m2) | src/m3/tst3.js:1:1:1:19 | import A from "m2"; | false |
| (root https://www.npmjs.com/package/m2) | src/m3/tst3.js:1:8:1:8 | A | false |