mirror of
https://github.com/github/codeql.git
synced 2025-12-20 02:44:30 +01:00
60 lines
1.6 KiB
Plaintext
60 lines
1.6 KiB
Plaintext
import javascript
|
|
|
|
/**
|
|
* An operation that sends an email.
|
|
*/
|
|
abstract class EmailSender extends DataFlow::SourceNode {
|
|
/**
|
|
* Gets a data flow node holding the plaintext version of the email body.
|
|
*/
|
|
abstract DataFlow::Node getPlainTextBody();
|
|
|
|
/**
|
|
* Gets a data flow node holding the HTML body of the email.
|
|
*/
|
|
abstract DataFlow::Node getHtmlBody();
|
|
|
|
/**
|
|
* Gets a data flow node holding the address of the email recipient(s).
|
|
*/
|
|
abstract DataFlow::Node getTo();
|
|
|
|
/**
|
|
* Gets a data flow node holding the address of the email sender.
|
|
*/
|
|
abstract DataFlow::Node getFrom();
|
|
|
|
/**
|
|
* Gets a data flow node holding the email subject.
|
|
*/
|
|
abstract DataFlow::Node getSubject();
|
|
|
|
/**
|
|
* Gets a data flow node that refers to the HTML body or plaintext body of the email.
|
|
*/
|
|
DataFlow::Node getABody() {
|
|
result = this.getPlainTextBody() or
|
|
result = this.getHtmlBody()
|
|
}
|
|
}
|
|
|
|
/**
|
|
* An email-sending call based on the `nodemailer` package.
|
|
*/
|
|
private class NodemailerEmailSender extends EmailSender, DataFlow::MethodCallNode {
|
|
NodemailerEmailSender() {
|
|
this =
|
|
DataFlow::moduleMember("nodemailer", "createTransport").getACall().getAMethodCall("sendMail")
|
|
}
|
|
|
|
override DataFlow::Node getPlainTextBody() { result = this.getOptionArgument(0, "text") }
|
|
|
|
override DataFlow::Node getHtmlBody() { result = this.getOptionArgument(0, "html") }
|
|
|
|
override DataFlow::Node getTo() { result = this.getOptionArgument(0, "to") }
|
|
|
|
override DataFlow::Node getFrom() { result = this.getOptionArgument(0, "from") }
|
|
|
|
override DataFlow::Node getSubject() { result = this.getOptionArgument(0, "subject") }
|
|
}
|