JS: ensure parameters always have a dataflow node

2026-04-29 18:55:14 +02:00 · 2018-10-22 15:00:44 +01:00
parent 28f3b686a7
commit f07aa5bb2c
4 changed files with 48 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -33,6 +33,9 @@ module DataFlow {
       ce.getMethodName() = kind and (kind = "call" or kind = "apply")
     }
  or TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel }
+  or TUnusedParameterNode(SimpleParameter p) {
+    not exists (SsaExplicitDefinition ssa | p = ssa.getDef())
+  }

  /**
   * A node in the data flow graph.
@@ -671,6 +674,37 @@ module DataFlow {
    override string getPropertyName() { none() }
  }

+  /**
+   * A data flow node representing an unused parameter.
+   *
+   * This case exists to ensure all parameters have a corresponding data-flow node.
+   * In most cases, parameters are represented by SSA definitions or destructuring pattern nodes.
+   */
+  private class UnusedParameterNode extends DataFlow::Node, TUnusedParameterNode {
+    SimpleParameter p;
+
+    UnusedParameterNode() {
+      this = TUnusedParameterNode(p)
+    }
+
+    override string toString() {
+      result = p.toString()
+    }
+
+    override ASTNode getAstNode() {
+      result = p
+    }
+
+    override BasicBlock getBasicBlock() {
+      result = p.getBasicBlock()
+    }
+
+    override predicate hasLocationInfo(string filepath, int startline, int startcolumn,
+                                       int endline, int endcolumn) {
+      p.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+  }
+
  /**
   * Provides classes representing various kinds of calls.
   *
@@ -866,6 +900,8 @@ module DataFlow {
    )
    or
    nd = TDestructuringPatternNode(p)
+    or
+    nd = TUnusedParameterNode(p)
  }

  /**
--- a/javascript/ql/test/library-tests/DataFlow/parameters.expected
+++ b/javascript/ql/test/library-tests/DataFlow/parameters.expected
@@ -0,0 +1,7 @@
+| sources.js:1:6:1:6 | x |
+| sources.js:3:11:3:11 | x |
+| tst.js:16:13:16:13 | a |
+| tst.js:32:12:32:12 | b |
+| tst.js:87:11:87:24 | { p: x, ...o } |
+| tst.js:98:11:98:24 | [ x, ...rest ] |
+| tst.ts:13:39:13:38 | args |
--- a/javascript/ql/test/library-tests/DataFlow/parameters.ql
+++ b/javascript/ql/test/library-tests/DataFlow/parameters.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from DataFlow::ParameterNode param
+select param
--- a/javascript/ql/test/library-tests/DataFlow/sources.expected
+++ b/javascript/ql/test/library-tests/DataFlow/sources.expected
@@ -25,6 +25,7 @@
 | tst.js:28:2:29:3 | () =>\\n  x |
 | tst.js:32:1:32:0 | this |
 | tst.js:32:1:34:1 | functio ... ables\\n} |
+| tst.js:32:12:32:12 | b |
 | tst.js:35:1:35:7 | g(true) |
 | tst.js:37:9:42:1 | {\\n  x:  ... ;\\n  }\\n} |
 | tst.js:39:4:39:3 | this |