Javascript: Autoformat.
@@ -1,6 +1,7 @@
|
||||
import javascript
|
||||
|
||||
from Function f, GlobalVariable gv
|
||||
where gv.getAnAccess().getEnclosingFunction() = f and
|
||||
not f.getStartBB().isLiveAtEntry(gv, _)
|
||||
where
|
||||
gv.getAnAccess().getEnclosingFunction() = f and
|
||||
not f.getStartBB().isLiveAtEntry(gv, _)
|
||||
select f, "This function uses " + gv + " like a local variable."
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import javascript
|
||||
|
||||
from VarDef def, LocalVariable v
|
||||
where v = def.getAVariable() and
|
||||
not exists (VarUse use | def = use.getADef())
|
||||
where
|
||||
v = def.getAVariable() and
|
||||
not exists(VarUse use | def = use.getADef())
|
||||
select def, "Dead store of local variable."
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
import javascript
|
||||
|
||||
from SimpleParameter res, DataFlow::Node resNode, MethodCallExpr send
|
||||
where res.getName() = "res" and
|
||||
resNode = DataFlow::parameterNode(res) and
|
||||
resNode.getASuccessor+() = DataFlow::valueNode(send.getReceiver()) and
|
||||
send.getMethodName() = "send"
|
||||
where
|
||||
res.getName() = "res" and
|
||||
resNode = DataFlow::parameterNode(res) and
|
||||
resNode.getASuccessor+() = DataFlow::valueNode(send.getReceiver()) and
|
||||
send.getMethodName() = "send"
|
||||
select send
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
import javascript
|
||||
|
||||
from StrictEqualityTest eq, DataFlow::AnalyzedNode nd, NullLiteral null
|
||||
where eq.hasOperands(nd.asExpr(), null) and
|
||||
not nd.getAValue().isIndefinite(_) and
|
||||
not nd.getAValue() instanceof AbstractNull
|
||||
where
|
||||
eq.hasOperands(nd.asExpr(), null) and
|
||||
not nd.getAValue().isIndefinite(_) and
|
||||
not nd.getAValue() instanceof AbstractNull
|
||||
select eq, "Spurious null check."
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import javascript
|
||||
|
||||
from DataFlow::InvokeNode cs
|
||||
where not cs.isIncomplete() and
|
||||
not exists(cs.getACallee())
|
||||
where
|
||||
not cs.isIncomplete() and
|
||||
not exists(cs.getACallee())
|
||||
select cs, "Unable to find a callee for this call site."
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
import javascript
|
||||
|
||||
class TrackedStringLiteral extends DataFlow::TrackedNode {
|
||||
TrackedStringLiteral() {
|
||||
this.asExpr() instanceof ConstantString
|
||||
}
|
||||
TrackedStringLiteral() { this.asExpr() instanceof ConstantString }
|
||||
}
|
||||
|
||||
from TrackedStringLiteral source, DataFlow::Node sink, SsaExplicitDefinition def
|
||||
where source.flowsTo(sink) and sink = DataFlow::ssaDefinitionNode(def) and
|
||||
def.getSourceVariable().getName().toLowerCase() = "password"
|
||||
where
|
||||
source.flowsTo(sink) and
|
||||
sink = DataFlow::ssaDefinitionNode(def) and
|
||||
def.getSourceVariable().getName().toLowerCase() = "password"
|
||||
select sink
|
||||
|
||||
@@ -1,26 +1,22 @@
|
||||
import javascript
|
||||
|
||||
class PasswordTracker extends DataFlow::Configuration {
|
||||
PasswordTracker() {
|
||||
// unique identifier for this configuration
|
||||
this = "PasswordTracker"
|
||||
}
|
||||
PasswordTracker() {
|
||||
// unique identifier for this configuration
|
||||
this = "PasswordTracker"
|
||||
}
|
||||
|
||||
override predicate isSource(DataFlow::Node nd) {
|
||||
nd.asExpr() instanceof StringLiteral
|
||||
}
|
||||
override predicate isSource(DataFlow::Node nd) { nd.asExpr() instanceof StringLiteral }
|
||||
|
||||
override predicate isSink(DataFlow::Node nd) {
|
||||
passwordVarAssign(_, nd)
|
||||
}
|
||||
override predicate isSink(DataFlow::Node nd) { passwordVarAssign(_, nd) }
|
||||
|
||||
predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
|
||||
exists (SsaExplicitDefinition def |
|
||||
nd = DataFlow::ssaDefinitionNode(def) and
|
||||
def.getSourceVariable() = v and
|
||||
v.getName().toLowerCase() = "password"
|
||||
)
|
||||
}
|
||||
predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
|
||||
exists(SsaExplicitDefinition def |
|
||||
nd = DataFlow::ssaDefinitionNode(def) and
|
||||
def.getSourceVariable() = v and
|
||||
v.getName().toLowerCase() = "password"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
from PasswordTracker pt, DataFlow::Node source, DataFlow::Node sink, Variable v
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
import javascript
|
||||
|
||||
from NPMPackage pkg, PackageDependencies deps, string name
|
||||
where deps = pkg.getPackageJSON().getDependencies() and
|
||||
deps.getADependency(name, _) and
|
||||
not exists (Require req | req.getTopLevel() = pkg.getAModule() | name = req.getImportedPath().getValue())
|
||||
where
|
||||
deps = pkg.getPackageJSON().getDependencies() and
|
||||
deps.getADependency(name, _) and
|
||||
not exists(Require req | req.getTopLevel() = pkg.getAModule() |
|
||||
name = req.getImportedPath().getValue()
|
||||
)
|
||||
select deps, "Unused dependency '" + name + "'."
|
||||
|
||||
@@ -1,12 +1,7 @@
|
||||
import javascript
|
||||
|
||||
class CommaToken extends PunctuatorToken {
|
||||
CommaToken() {
|
||||
getValue() = ","
|
||||
}
|
||||
}
|
||||
class CommaToken extends PunctuatorToken { CommaToken() { getValue() = "," } }
|
||||
|
||||
from CommaToken comma
|
||||
where comma.getNextToken() instanceof CommaToken
|
||||
select comma, "Omitted array elements are bad style."
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import javascript
|
||||
|
||||
from JSDocTag t
|
||||
where t.getTitle() = "param" and
|
||||
not exists(t.getName())
|
||||
where
|
||||
t.getTitle() = "param" and
|
||||
not exists(t.getName())
|
||||
select t, "@param tag is missing name."
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
import javascript
|
||||
|
||||
from Function fun, Parameter p, Parameter q, int i, int j
|
||||
where p = fun.getParameter(i) and
|
||||
q = fun.getParameter(j) and
|
||||
i < j and
|
||||
p.getAVariable() = q.getAVariable()
|
||||
where
|
||||
p = fun.getParameter(i) and
|
||||
q = fun.getParameter(j) and
|
||||
i < j and
|
||||
p.getAVariable() = q.getAVariable()
|
||||
select fun, "This function has two parameters that bind the same variable."
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
import javascript
|
||||
|
||||
from DeclStmt ds, VariableDeclarator d1, VariableDeclarator d2, Variable v, int i, int j
|
||||
where d1 = ds.getDecl(i) and
|
||||
d2 = ds.getDecl(j) and
|
||||
i < j and
|
||||
v = d1.getBindingPattern().getAVariable() and
|
||||
v = d2.getBindingPattern().getAVariable() and
|
||||
not ds.getTopLevel().isMinified()
|
||||
where
|
||||
d1 = ds.getDecl(i) and
|
||||
d2 = ds.getDecl(j) and
|
||||
i < j and
|
||||
v = d1.getBindingPattern().getAVariable() and
|
||||
v = d2.getBindingPattern().getAVariable() and
|
||||
not ds.getTopLevel().isMinified()
|
||||
select ds, "Variable " + v.getName() + " is declared both $@ and $@.", d1, "here", d2, "here"
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
import javascript
|
||||
|
||||
from ObjectExpr oe, Property p1, Property p2, int i, int j
|
||||
where p1 = oe.getProperty(i) and
|
||||
p2 = oe.getProperty(j) and
|
||||
i < j and
|
||||
p1.getName() = p2.getName() and
|
||||
not oe.getTopLevel().isMinified()
|
||||
where
|
||||
p1 = oe.getProperty(i) and
|
||||
p2 = oe.getProperty(j) and
|
||||
i < j and
|
||||
p1.getName() = p2.getName() and
|
||||
not oe.getTopLevel().isMinified()
|
||||
select oe, "Property " + p1.getName() + " is defined both $@ and $@.", p1, "here", p2, "here"
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
import javascript
|
||||
|
||||
from FunctionDeclStmt f, FunctionDeclStmt g
|
||||
where f != g and f.getVariable() = g.getVariable() and
|
||||
not f.getTopLevel().isMinified() and
|
||||
not g.getTopLevel().isMinified()
|
||||
where
|
||||
f != g and
|
||||
f.getVariable() = g.getVariable() and
|
||||
not f.getTopLevel().isMinified() and
|
||||
not g.getTopLevel().isMinified()
|
||||
select f, g
|
||||
|
||||