mirror of
https://github.com/github/codeql.git
synced 2025-12-19 10:23:15 +01:00
40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
/**
|
|
* @name Jump from finally
|
|
* @description Avoid using unstructured control flow statements (return, continue, or break) inside
|
|
* a 'finally' block.
|
|
* @kind problem
|
|
* @problem.severity warning
|
|
* @id js/exit-from-finally
|
|
* @tags reliability
|
|
* maintainability
|
|
* language-features
|
|
* external/cwe/cwe-584
|
|
* @precision low
|
|
*/
|
|
|
|
import javascript
|
|
|
|
/**
|
|
* A "jump" statement, that is, `break`, `continue` or `return`.
|
|
*/
|
|
class Jump extends Stmt {
|
|
Jump() {
|
|
this instanceof BreakOrContinueStmt or
|
|
this instanceof ReturnStmt
|
|
}
|
|
|
|
/** Gets the target to which this jump refers. */
|
|
Stmt getTarget() {
|
|
result = this.(BreakOrContinueStmt).getTarget() or
|
|
result = this.(ReturnStmt).getContainer().(Function).getBody()
|
|
}
|
|
}
|
|
|
|
from TryStmt try, BlockStmt finally, Jump jump
|
|
where
|
|
finally = try.getFinally() and
|
|
jump.getContainer() = try.getContainer() and
|
|
jump.getParentStmt+() = finally and
|
|
finally.getParentStmt+() = jump.getTarget()
|
|
select jump, "This statement jumps out of the finally block, potentially hiding an exception."
|