hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added step through yargs/yargs constructor and chained methods.

Browse Source
This commit is contained in:
Napalys Klicius
2025-08-01 12:01:30 +02:00
parent e8eb9be3f6
commit e980798ede
3 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/lib/semmle/javascript/frameworks/CommandLineArguments.qll
View File

@@ -87,11 +87,18 @@ private class ArgsParseStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call |
call = DataFlow::moduleMember("args", "parse").getACall() or
call = DataFlow::moduleImport(["yargs-parser", "minimist", "subarg"]).getACall()
call =
DataFlow::moduleImport(["yargs-parser", "minimist", "subarg", "yargs/yargs", "yargs"])
.getACall()
|
succ = call and
pred = call.getArgument(0)
)
or
exists(DataFlow::MethodCallNode methodCall | methodCall = yargs() |
pred = methodCall.getReceiver() and
succ = methodCall
)
}
}
@@ -115,7 +122,9 @@ private API::Node commander() {
* Either directly imported as a module, or through some chained method call.
*/
private DataFlow::SourceNode yargs() {
result = DataFlow::moduleImport("yargs")
result = DataFlow::moduleImport(["yargs", "yargs/yargs"])
or
result = DataFlow::moduleImport(["yargs", "yargs/yargs"]).getACall()
or
// script used to generate list of chained methods: https://gist.github.com/erik-krogh/f8afe952c0577f4b563a993e613269ba
exists(string method |