JS: refactor UriLibraries.qll models to use DataFlow::moduleMember #21

Merged
merged 1 commit into from Aug 8, 2018

@ghost ghost commented Aug 6, 2018

As discussed.

I do not think a change note is required for each library.

@xiemaisi xiemaisi left a comment

One thought, otherwise LGTM.

*/
DataFlow::SourceNode uridashjs() {
result = DataFlow::moduleImport("uri-js")
DataFlow::SourceNode uridashjsMember(string name) {
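
Review bot: `uridashjs()` carries no `private` modifier here, so swapping it for `uridashjsMember(string name)` removes a predicate that code outside this file can call. Keep `uridashjs()` as a deprecated wrapper around `DataFlow::moduleImport("uri-js")` next to the new member predicate, or record the removal in a change note.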

Can we make this predicate (and its brethren below) private?

Author

I can, but that will break all of the library-specific sanity tests.

Hm, OK. Never mind, then.

@asger-semmle
Contributor

LGTM. Did you check for any new results?

ghost commented Aug 6, 2018

> LGTM. Did you check for any new results?

No, the workers are too busy currently. I will try to do a local evaluation tonight.

ghost commented Aug 6, 2018

This PR adds no new results for our benchmark projects.

xiemaisi commented Aug 7, 2018

This is a backwards-incompatible change since UriLibraries.qll was in 1.17 and urijs::urijs() was a public predicate. So we either need to add a change note or reintroduce the old predicates under deprecation; I'd prefer the latter.

@esben-semmle, in future let's not expose predicates like these unless we absolutely have to. In this case, I think we could have avoided this by writing one set of tests for the whole library, which in turn would have avoided the backwards compatibility issues.

@xiemaisi xiemaisi left a comment

Please add a change note or reintroduce predicates uridashjs and friends.

jonas-semmle pushed a commit that referenced this pull request Aug 7, 2018
JavaScript: Move LGTM suites to submodule.

ghost commented Aug 7, 2018

Deprecation markers added.

xiemaisi commented Aug 7, 2018

Thanks; could you squash the fixup, please?

ghost commented Aug 7, 2018

Done

@xiemaisi xiemaisi merged commit 1a5585c into github:master Aug 8, 2018
aibaars added a commit that referenced this pull request Oct 14, 2021
smowton pushed a commit to smowton/codeql that referenced this pull request Oct 28, 2021
Extract 'this'-like value parameters
dbartol pushed a commit that referenced this pull request Dec 18, 2024