codeql/javascript/ql/lib/semmle/javascript/frameworks/ClosureLibrary.qll
Andrew Eisenberg 45d1fa7f01 Packaging: Rafactor Javascript core libraries
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
2021-08-25 12:15:56 -07:00


/**
* Provides models for miscellaneous utility functions in the closure standard library.
*/
import javascript
module ClosureLibrary {
  private import DataFlow

  /**
   * A taint step through a call to a `goog.string` utility function.
   *
   * The call result (`succ`) is tainted by one of the call's arguments (`pred`).
   * None of the functions named here is modelled as a sanitizer: the step only
   * carries taint forward. A `goog.string` function that is not named below gets
   * no step from this class.
   */
  private class StringStep extends TaintTracking::SharedTaintStep {
    /**
     * Holds if `succ` is a call to a listed `goog.string` function and `pred` is
     * an argument of that call whose taint reaches the result.
     */
    override predicate step(Node pred, Node succ) {
      exists(string fn, CallNode invocation |
        invocation = Closure::moduleImport("goog.string." + fn).getACall() and
        succ = invocation
      |
        // Group 1: every argument is a taint source for the result.
        // NOTE(review): `getAnArgument()` also matches non-text arguments (for
        // example a count or a limit), so those propagate taint as well;
        // presumably an accepted over-approximation, confirm.
        pred = invocation.getAnArgument() and
        fn =
          [
            "canonicalizeNewlines", "capitalize", "collapseBreakingSpaces",
            "collapseWhitespace", "format",
            "makeSafe", // makeSafe just guards against null and undefined
            "newLineOrBr", "normalizeSpaces", "normalizeWhitespace", "preserveSpaces",
            "remove", // removes first occurrence of a substring
            "repeat", "splitLimit", "stripNewlines", "subs", "toCamelCase",
            "toSelectorCase", "toTitleCase", "trim", "trimLeft", "trimRight",
            "unescapeEntities", "whitespaceEscape"
          ]
        or
        // Group 2: only the first argument is a taint source; the remaining
        // arguments are ignored by this step.
        pred = invocation.getArgument(0) and
        fn = ["truncate", "truncateMiddle", "unescapeEntitiesWithDocument"]
      )
    }
  }
}