JavaScript: Track Electron browser objects inter-procedurally.

2026-05-03 04:39:29 +02:00 · 2019-02-07 12:39:57 +00:00
parent d59c12e6eb
commit ff83e600dc
4 changed files with 31 additions and 7 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -16,7 +16,7 @@ module Electron {
  /**
   * An instantiation of `BrowserWindow` or `BrowserView`.
   */
-  abstract private class NewBrowserObject extends BrowserObject {
+  abstract private class NewBrowserObject extends BrowserObject, DataFlow::TrackedNode {
    DataFlow::NewNode self;

    NewBrowserObject() { this = self }
@@ -56,6 +56,15 @@ module Electron {
    }
  }

+  /**
+   * A data flow node whose value may originate from a browser object instantiation.
+   */
+  private class BrowserObjectByFlow extends BrowserObject {
+    BrowserObjectByFlow() {
+      any(NewBrowserObject nbo).flowsTo(this)
+    }
+  }
+
  /**
   * A Node.js-style HTTP or HTTPS request made using an Electron module.
   */
--- a/javascript/ql/test/library-tests/frameworks/Electron/BrowserObject.expected
+++ b/javascript/ql/test/library-tests/frameworks/Electron/BrowserObject.expected
@@ -1,6 +1,14 @@
 | electron.d.ts:2:16:2:28 | BrowserWindow |
 | electron.d.ts:3:16:3:26 | BrowserView |
-| electron.js:3:1:3:39 | new Bro ... s: {}}) |
-| electron.js:4:1:4:37 | new Bro ... s: {}}) |
+| electron.js:3:5:3:48 | bw |
+| electron.js:3:10:3:48 | new Bro ... s: {}}) |
+| electron.js:4:5:4:46 | bv |
+| electron.js:4:10:4:46 | new Bro ... s: {}}) |
+| electron.js:35:14:35:14 | x |
+| electron.js:36:12:36:12 | x |
+| electron.js:39:1:39:7 | foo(bw) |
+| electron.js:39:5:39:6 | bw |
+| electron.js:40:1:40:7 | foo(bv) |
+| electron.js:40:5:40:6 | bv |
 | electron.ts:3:12:3:13 | bw |
 | electron.ts:3:40:3:41 | bv |
--- a/javascript/ql/test/library-tests/frameworks/Electron/WebPreferences.expected
+++ b/javascript/ql/test/library-tests/frameworks/Electron/WebPreferences.expected
@@ -1,2 +1,2 @@
-| electron.js:3:36:3:37 | {} |
-| electron.js:4:34:4:35 | {} |
+| electron.js:3:45:3:46 | {} |
+| electron.js:4:43:4:44 | {} |
--- a/javascript/ql/test/library-tests/frameworks/Electron/electron.js
+++ b/javascript/ql/test/library-tests/frameworks/Electron/electron.js
@@ -1,7 +1,7 @@
 const {BrowserView, BrowserWindow, ClientRequest, net} = require('electron')

-new BrowserWindow({webPreferences: {}})
-new BrowserView({webPreferences: {}})
+var bw = new BrowserWindow({webPreferences: {}})
+var bv = new BrowserView({webPreferences: {}})

 function makeClientRequests() {
    net.request('https://example.com').end();
@@ -31,3 +31,10 @@ function makeClientRequests() {
    post.write('stuff');
    post.end('more stuff');
 }
+
+function foo(x) {
+    return x;
+}
+
+foo(bw);
+foo(bv);