Skip to content

JS: recognize more module exports from the factory pattern #8221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 29, 2022
Merged

JS: recognize more module exports from the factory pattern #8221

merged 2 commits into from
Apr 29, 2022

Conversation

erik-krogh
Copy link
Contributor

@erik-krogh erik-krogh commented Feb 23, 2022
edited
Loading

@github-actions github-actions bot added the JS label Feb 23, 2022
@erik-krogh erik-krogh marked this pull request as ready for review February 24, 2022 09:01
@erik-krogh erik-krogh requested a review from a team as a code owner February 24, 2022 09:01
@erik-krogh erik-krogh added the no-change-note-required This PR does not need a change note label Mar 2, 2022
kaeluka
kaeluka reviewed Apr 22, 2022
View reviewed changes
Copy link

@kaeluka kaeluka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall, lgtm!

javascript/ql/lib/semmle/javascript/PackageExports.qll Outdated
@@ -120,14 +120,21 @@ private DataFlow::Node getAValueExportedByPackage() {
exists(ImmediatelyInvokedFunctionExpr func, DataFlow::ParameterNode prev, int i |
prev.getName() = "factory" and
func.getParameter(i) = prev.getParameter() and
result = func.getInvocation().getArgument(i).flow().getAFunctionValue().getAReturn() and
DataFlow::globalVarRef("define").getACall().getArgument(1) = prev.getALocalUse() and
DataFlow::globalVarRef("define").getACall().getArgument(any(int a | a >= 1)) =
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can int a ever be larger than 2? and couldn't it also be 0? like in 1.3.2 here: https://requirejs.org/docs/api.html#define Perhaps, this should simply be getAnArgument

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You seem to be right, it can be any argument.

@erik-krogh erik-krogh requested a review from kaeluka April 27, 2022 19:56
kaeluka
kaeluka approved these changes Apr 29, 2022
View reviewed changes
Copy link

@kaeluka kaeluka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@erik-krogh erik-krogh merged commit 080271f into github:main Apr 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@kaeluka kaeluka kaeluka approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
JS no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erik-krogh @kaeluka