hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

reuse classes modelling standard library functions

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-03-19 10:09:33 +01:00
parent d489d63b8e
commit e90fb1a225
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
javascript/ql/src/semmle/javascript/PackageExports.qll
View File

@@ -83,14 +83,13 @@ DataFlow::Node getAValueExportedByPackage() {
)
or
// Object.defineProperty
exists(DataFlow::MethodCallNode call |
call = DataFlow::globalVarRef("Object").getAMethodCall("defineProperty") and
[call, call.getArgument(0)] = getAValueExportedByPackage()
exists(CallToObjectDefineProperty call |
[call, call.getBaseObject()] = getAValueExportedByPackage()
|
result = call.getArgument(2).getALocalSource().getAPropertyReference("value")
result = call.getPropertyDescriptor().getALocalSource().getAPropertyReference("value")
or
result =
call.getArgument(2)
call.getPropertyDescriptor()
.getALocalSource()
.getAPropertyReference("get")
.(DataFlow::FunctionNode)
@@ -98,11 +97,9 @@ DataFlow::Node getAValueExportedByPackage() {
)
or
// Object.assign
exists(DataFlow::MethodCallNode assign |
assign = DataFlow::globalVarRef("Object").getAMethodCall("assign")
|
getAValueExportedByPackage() = [assign, assign.getArgument(0)] and
result = assign.getAnArgument()
exists(ExtendCall assign |
getAValueExportedByPackage() = [assign, assign.getDestinationOperand()] and
result = assign.getASourceOperand()
)
or
// Array.prototype.{map, reduce, entries, values}
@@ -120,7 +117,7 @@ DataFlow::Node getAValueExportedByPackage() {
exists(DataFlow::MethodCallNode freeze |
freeze =
DataFlow::globalVarRef("Object")
.getAMethodCall(["fromEntries", "freeze", "entries", "values"])
.getAMethodCall(["fromEntries", "freeze", "seal", "entries", "values"])
|
freeze = getAValueExportedByPackage() and
result = freeze.getArgument(0)