mirror of
https://github.com/github/codeql.git
synced 2026-04-20 22:44:52 +02:00
Added modeling for aliases.
This commit is contained in:
Napalys
@@ -4,26 +4,26 @@ extensions:
|
||||
extensible: typeModel
|
||||
data:
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'", "ReturnValue"]
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value].ReturnValue"]
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote].ReturnValue"]
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value,strip,lstrip,rstrip,camelcase].ReturnValue"]
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote,q,rjust,ljust].ReturnValue"]
|
||||
- ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,concat].ReturnValue"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/javascript-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,map]", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,map,strip,lstrip,rstrip,camelcase]", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[chop,chars,words,lines]", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[toSentence,toSentenceSerial]", "Argument[0].ArrayElement", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[insert,replaceAll,splice,prune,pad,lpad,rpad,repeat]", "Argument[0,2]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[insert,replaceAll,splice,prune,pad,lpad,rpad,repeat,rjust,ljust]", "Argument[0,2]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[splice]", "Argument[0,3]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[join]", "Argument[0..N-1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[surround,quote]", "Argument[0,1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "Member[surround,quote,q]", "Argument[0,1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'", "", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value]", "Argument[this]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote]", "Argument[this]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[insert,replaceAll,prune,pad,lpad,rpad,repeat]", "Argument[1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[surround,quote]", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value,strip,lstrip,rstrip,camelcase]", "Argument[this]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote,q,rjust,ljust]", "Argument[this]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[insert,replaceAll,prune,pad,lpad,rpad,repeat,rjust,ljust]", "Argument[1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[surround,quote,q]", "Argument[0]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[splice]", "Argument[2]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[join,concat]", "Argument[0..N-1]", "ReturnValue", "taint"]
|
||||
- ["'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,split]", "Argument[this]", "ReturnValue", "taint"]
|
||||
|
||||
@@ -32,10 +32,10 @@ function strToStr() {
|
||||
sink(s.stripTags(source("s29"))); // $ hasTaintFlow=s29
|
||||
sink(s.unquote(source("s30"), "quote")); // $ hasTaintFlow=s30
|
||||
sink(s.map(source("s31"), (x) => {return x;})); // $ hasTaintFlow=s31
|
||||
sink(s.strip(source("s32"),"charsToStrim")); // $ MISSING: hasTaintFlow=s32
|
||||
sink(s.lstrip(source("s33"),"charsToStrim")); // $ MISSING: hasTaintFlow=s33
|
||||
sink(s.rstrip(source("s34"),"charsToStrim")); // $ MISSING: hasTaintFlow=s34
|
||||
sink(s.camelcase(source("s35"))); // $ MISSING: hasTaintFlow=s35
|
||||
sink(s.strip(source("s32"),"charsToStrim")); // $ hasTaintFlow=s32
|
||||
sink(s.lstrip(source("s33"),"charsToStrim")); // $ hasTaintFlow=s33
|
||||
sink(s.rstrip(source("s34"),"charsToStrim")); // $ hasTaintFlow=s34
|
||||
sink(s.camelcase(source("s35"))); // $ hasTaintFlow=s35
|
||||
}
|
||||
|
||||
function strToArray() {
|
||||
@@ -84,14 +84,14 @@ function multiSource() {
|
||||
sink(s.quote(source("s21"), "quote")); // $ hasTaintFlow=s21
|
||||
sink(s.quote("base", source("s22"))); // $ hasTaintFlow=s22
|
||||
|
||||
sink(s.q(source("s23"), "quote")); // $ MISSING: hasTaintFlow=s23
|
||||
sink(s.q("base", source("s24"))); // $ MISSING: hasTaintFlow=s24
|
||||
sink(s.q(source("s23"), "quote")); // $ hasTaintFlow=s23
|
||||
sink(s.q("base", source("s24"))); // $ hasTaintFlow=s24
|
||||
|
||||
sink(s.rjust(source("s25"), 10, "charsToPad")); // $ MISSING: hasTaintFlow=s25
|
||||
sink(s.rjust("base", 10, source("s26"))); // $ MISSING: hasTaintFlow=s26
|
||||
sink(s.rjust(source("s25"), 10, "charsToPad")); // $ hasTaintFlow=s25
|
||||
sink(s.rjust("base", 10, source("s26"))); // $ hasTaintFlow=s26
|
||||
|
||||
sink(s.ljust(source("s27"), 10, "charsToPad")); // $ MISSING: hasTaintFlow=s27
|
||||
sink(s.ljust("base", 10, source("s28"))); // $ MISSING: hasTaintFlow=s28
|
||||
sink(s.ljust(source("s27"), 10, "charsToPad")); // $ hasTaintFlow=s27
|
||||
sink(s.ljust("base", 10, source("s28"))); // $ hasTaintFlow=s28
|
||||
}
|
||||
|
||||
function chaining() {
|
||||
@@ -115,6 +115,6 @@ function chaining() {
|
||||
|
||||
sink(s(source("s16"))
|
||||
.strip().lstrip().rstrip().camelcase()
|
||||
.q(source("s17").ljust(10, source("s18"))
|
||||
.rjust(10, source("s19")))); // $ MISSING: hasTaintFlow=s16 MISSING: hasTaintFlow=s17 MISSING: hasTaintFlow=s18 MISSING: hasTaintFlow=s19
|
||||
.q(source("s17")).ljust(10, source("s18"))
|
||||
.rjust(10, source("s19"))); // $ hasTaintFlow=s16 hasTaintFlow=s17 hasTaintFlow=s18 hasTaintFlow=s19
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user