JS: ExceptionStep

asgerf · asgerf · commit 0035defd72f7 · 2021-03-23T14:53:12.000Z
diff --git a/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll b/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -360,9 +360,9 @@ module LodashUnderscore {
   /**
    * A data flow step propagating an exception thrown from a callback to a Lodash/Underscore function.
    */
-  private class ExceptionStep extends DataFlow::CallNode, DataFlow::AdditionalFlowStep {
-    ExceptionStep() {
-      exists(string name | this = member(name).getACall() |
+  private class ExceptionStep extends DataFlow::SharedFlowStep {
+    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(DataFlow::CallNode call, string name |
         // Members ending with By, With, or While indicate that they are a variant of
         // another function that takes a callback.
         name.matches("%By") or
@@ -386,13 +386,12 @@ module LodashUnderscore {
         name = "replace" or
         name = "some" or
         name = "transform"
+      |
+        call = member(name).getACall() and
+        pred = call.getAnArgument().(DataFlow::FunctionNode).getExceptionalReturn() and
+        succ = call.getExceptionalReturn()
       )
     }
-
-    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      pred = getAnArgument().(DataFlow::FunctionNode).getExceptionalReturn() and
-      succ = this.getExceptionalReturn()
-    }
   }
 
   /**
