support interprocedural flow with custom load/store steps
1 parent
d09bce5
commit 830100d
Showing
7 changed files
with
115 additions
and
34 deletions.
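--- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.expected
+++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.expected
@@ -0,0 +1 @@
+| tst.js:4:15:4:22 | "source" | tst.js:9:7:9:24 | readTaint(tainted) |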
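--- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql
+++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql
@@ -0,0 +1,22 @@
+import javascript
+
+class Configuration extends TaintTracking::Configuration {
+Configuration() { this = "PromiseFlowTestingConfig" }
+
+override predicate isSource(DataFlow::Node source) {
+source.getEnclosingExpr().getStringValue() = "source"
+}
+
+override predicate isSink(DataFlow::Node sink) {
+any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink
+}
+
+// When the source code states that "foo" is being read, "bar" is additionally being read.
+override predicate isAdditionalLoadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
+pred.(DataFlow::SourceNode).getAPropertyRead("foo") = succ and prop = "bar"
+}
+}
+
+from DataFlow::Node pred, DataFlow::Node succ, Configuration cfg
+where cfg.hasFlow(pred, succ)
+select pred, succ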
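Review bot: The characteristic predicate names this configuration `"PromiseFlowTestingConfig"`, which appears to be carried over from a promise test and says nothing about custom load/store steps; `Configuration() { this = "CustomLoadStoreStepsConfig" }` (or similar) would keep the id meaningful if the class is ever copied next to another configuration. The query also overrides only `isAdditionalLoadStep`, so the store side named in the commit title is not exercised here; a second case overriding `isAdditionalStoreStep` would guard against interprocedural store steps silently dropping flow, which in a security query surfaces as missed alerts. The comment above the override could state the direction of the step explicitly, e.g. `// Custom load step: a read of property "foo" also loads the value stored in "bar".`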
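--- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/tst.js
+++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/tst.js
@@ -0,0 +1,10 @@
+// When the source code states that "foo" is being read, "bar" is additionally being read.
+
+(function () {
+var source = "source";
+var tainted = { bar: source };
+function readTaint(x) {
+return x.foo;
+}
+sink(readTaint(tainted));
+})();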
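Review bot: The fixture contains only the positive case (`readTaint` returning `x.foo`), so test.expected cannot show whether the custom load step over-approximates once it is followed across the call. A control such as `function readOther(x) { return x.baz; }` with `sink(readOther(tainted));`, expected to produce no row, would pin that only the `foo` read is redirected to `bar`. Whether the default taint steps already report that read should be confirmed when the expected output is regenerated. A second call to `readTaint` with an untainted object would similarly check that the summarized function does not leak flow between call sites.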
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
(function () { | ||
function getSource() { | ||
var source = "source"; // step 1 | ||
return source; // step 2 | ||
} | ||
loadScript(getSource()) // step 3 | ||
.then(function () { }) | ||
.then(function () { }) | ||
.catch(handleError); | ||
function loadScript(src) { // step 4 (is summarized) | ||
return new Promise(function (resolve, reject) { | ||
setTimeout(function (error) { | ||
reject(new Error('Blah: ' + src)); // step 5 | ||
}, 1000); | ||
}); | ||
} | ||
function handleError(error) { // step 6 | ||
sink(error); // step 7 | ||
} | ||
})(); |