hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Add type tracking to Postgres model.

Browse Source
This commit is contained in:
Max Schaefer
2020-03-23 17:10:26 +00:00
parent ce0b72f949
commit efbcec09ef
4 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
javascript/ql/src/semmle/javascript/frameworks/SQL.qll
View File

@@ -132,15 +132,22 @@ private module Postgres {
result = DataFlow::moduleImport("pg-pool").getAnInstantiation()
}
private DataFlow::SourceNode clientOrPool(DataFlow::TypeTracker t) {
t.start() and
(result = client() or result = newPool())
or
exists(DataFlow::TypeTracker t2 | result = clientOrPool(t2).track(t2, t))
}
private DataFlow::SourceNode clientOrPool() {
result = clientOrPool(DataFlow::TypeTracker::end())
}
/** A call to the Postgres `query` method. */
private class QueryCall extends DatabaseAccess, DataFlow::ValueNode {
override MethodCallExpr astNode;
QueryCall() {
exists(DataFlow::SourceNode recv | recv = client() or recv = newPool() |
this = recv.getAMethodCall("query")
)
}
QueryCall() { this = clientOrPool().getAMethodCall("query") }
override DataFlow::Node getAQueryArgument() {
result = DataFlow::valueNode(astNode.getArgument(0))