diff --git a/javascript/ql/src/semmle/javascript/frameworks/Redux.qll b/javascript/ql/src/semmle/javascript/frameworks/Redux.qll
index 6094d0164e0..3e48dc04f34 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/Redux.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Redux.qll
@@ -1134,9 +1134,11 @@ module Redux {
 }
 /**
- * An entry point in the API graphs corresponding to functions named `mapDispatchToProps`,
- * used to catch cases where the call to `connect` was not found (usually because of it being
- * wrapped in another function, which API graphs won't look through).
+ * An API entry point corresponding to a `connect` function which we couldn't recognize exactly.
+ *
+ * The `connect` call is recognized based on an argument being named either `mapStateToProps` or `mapDispatchToProps`.
+ * Used to catch cases where the `connect` function was not recognized by API graphs (usually because of it being
+ * wrapped in another function, which API graphs won't look through).
 */
 private class HeuristicConnectEntryPoint extends API::EntryPoint {
 HeuristicConnectEntryPoint() { this = "react-redux-connect" }
diff --git a/javascript/ql/test/library-tests/frameworks/Redux/react-redux.jsx b/javascript/ql/test/library-tests/frameworks/Redux/react-redux.jsx
index fc653906226..e1843b5bc92 100644
--- a/javascript/ql/test/library-tests/frameworks/Redux/react-redux.jsx
+++ b/javascript/ql/test/library-tests/frameworks/Redux/react-redux.jsx
@@ -92,3 +92,8 @@ function mapStateToProps(state) {
 const mapDispatchToProps = { toolkitAction, manualAction };
 const ConnectedComponent = connect(mapStateToProps, mapDispatchToProps)(MyComponent);
+
+function connectLike(f, g) {
+ return c => somethingWeirdAndComplicated(f, g)(c);
+}
+const ConnectedComponent2 = connectLike(mapStateToProps, mapDispatchToProps)(MyComponent);
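Review bot: The rewritten QLDoc on `HeuristicConnectEntryPoint` says a call is treated as `connect` purely because an argument is named `mapStateToProps` or `mapDispatchToProps`, but it does not say what that costs in precision. Any unrelated function that happens to receive an argument with one of those names would presumably be modelled as `connect` too, which can surface as spurious Redux state flow in taint queries built on this library. I would add one sentence such as `This is a name-based heuristic and may match functions unrelated to react-redux.` The matching predicates sit below the hunk, so this is inferred from the comment's wording rather than from the implementation.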
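Review bot: The `connectLike` case does not visibly pin down the heuristic it was added for. The `reactComponentRef` baseline in test.expected gains a row for the arrow parameter `c` at 97:12, but none for the `connectLike(mapStateToProps, mapDispatchToProps)(MyComponent)` call, which is line 99 by this hunk's numbering, while the direct `connect` call on line 94 does get one. The `c` row may come from ordinary flow into the returned arrow function rather than from the heuristic entry point, so it is worth confirming that the baseline records the intended result and not a miss. Both heuristic names are also passed together here; since the QLDoc says either name is enough, a call such as `connectLike(mapStateToProps)(MyComponent)` and one with differently named arguments would cover the single-name and negative cases.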
diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.expected b/javascript/ql/test/library-tests/frameworks/Redux/test.expected
index 2c819949805..ec2207885ad 100644
--- a/javascript/ql/test/library-tests/frameworks/Redux/test.expected
+++ b/javascript/ql/test/library-tests/frameworks/Redux/test.expected
@@ -112,6 +112,10 @@ taintFlow
 | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:75:10:75:36 | props.p ... Action2 |
 | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:76:10:76:36 | props.p ... Action3 |
 | react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync |
+reactComponentRef
+| react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} |
+| react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:94:28:94:84 | connect ... ponent) |
+| react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:97:12:97:12 | c |
 getAffectedStateAccessPath
 | react-redux.jsx:12:33:17:9 | (state, ... } | toolkit |
 | react-redux.jsx:18:41:23:9 | (state, ... } | toolkit |
diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.ql b/javascript/ql/test/library-tests/frameworks/Redux/test.ql
index e289950d63e..ee0ff683951 100644
--- a/javascript/ql/test/library-tests/frameworks/Redux/test.ql
+++ b/javascript/ql/test/library-tests/frameworks/Redux/test.ql
@@ -59,3 +59,5 @@ class BasicTaint extends TaintTracking::Configuration {
 query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
 any(BasicTaint cfg).hasFlow(source, sink)
 }
+
+query DataFlow::SourceNode reactComponentRef(ReactComponent component) { result = component.getAComponentCreatorReference() }
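Review bot: The new `reactComponentRef` predicate in test.ql is written on a single line of well over 100 characters, unlike the `taintFlow` predicate directly above it, which puts its body on its own line. Splitting it the same way keeps the file consistent and is likely what the QL autoformatter would produce: `query DataFlow::SourceNode reactComponentRef(ReactComponent component) {`, then `result = component.getAComponentCreatorReference()`, then `}`. A one-line QLDoc comment stating that the predicate reports the references found for each component would also make the new section in test.expected easier to read.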