Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0117a0f

Browse files
erik-krogherik-krogh
committed
specialize the getAValueExportedBy predicate to only topmost package.jsons
1 parent 0c9d46a commit 0117a0f

1 file changed

Lines changed: 11 additions & 11 deletions

File tree

javascript/ql/src/semmle/javascript/PackageExports.qll

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ import javascript
1111
*/
1212
DataFlow::ParameterNode getALibraryInputParameter() {
1313
exists(int bound, DataFlow::FunctionNode func |
14-
func = getAValueExportedBy(getTopmostPackageJSON()).getABoundFunctionValue(bound) and
14+
func = getAValueExportedByPackage().getABoundFunctionValue(bound) and
1515
result = func.getParameter(any(int arg | arg >= bound))
1616
)
1717
}
@@ -28,7 +28,7 @@ private int countSlashes(string path) { result = count(path.splitAt("/")) - 1 }
2828
* There can be multiple results if the there exists multiple package.json that are equally deeply nested in the folder structure.
2929
* Results are limited to package.json files that are at most nested 2 directories deep.
3030
*/
31-
PackageJSON getTopmostPackageJSON() {
31+
private PackageJSON getTopmostPackageJSON() {
3232
result =
3333
min(PackageJSON j |
3434
countSlashes(j.getFile().getRelativePath()) <= 3 and
@@ -39,33 +39,33 @@ PackageJSON getTopmostPackageJSON() {
3939
}
4040

4141
/**
42-
* Gets a value exported by the main module from the package.json `packageJSON`.
42+
* Gets a value exported by the main module from one of the topmost `package.json` files (see `getTopmostPackageJSON`).
4343
* The value is either directly the `module.exports` value, a nested property of `module.exports`, or a method on an exported class.
4444
*/
45-
DataFlow::Node getAValueExportedBy(PackageJSON packageJSON) {
46-
result = getAnExportFromModule(packageJSON.getMainModule())
45+
private DataFlow::Node getAValueExportedByPackage() {
46+
result = getAnExportFromModule(getTopmostPackageJSON().getMainModule())
4747
or
48-
result = getAValueExportedBy(packageJSON).(DataFlow::PropWrite).getRhs()
48+
result = getAValueExportedByPackage().(DataFlow::PropWrite).getRhs()
4949
or
5050
exists(DataFlow::SourceNode callee |
51-
callee = getAValueExportedBy(packageJSON).(DataFlow::NewNode).getCalleeNode().getALocalSource()
51+
callee = getAValueExportedByPackage().(DataFlow::NewNode).getCalleeNode().getALocalSource()
5252
|
5353
result = callee.getAPropertyRead("prototype").getAPropertyWrite().getRhs()
5454
or
5555
result = callee.(DataFlow::ClassNode).getAnInstanceMethod()
5656
)
5757
or
58-
result = getAValueExportedBy(packageJSON).getALocalSource()
58+
result = getAValueExportedByPackage().getALocalSource()
5959
or
60-
result = getAValueExportedBy(packageJSON).(DataFlow::SourceNode).getAPropertyReference()
60+
result = getAValueExportedByPackage().(DataFlow::SourceNode).getAPropertyReference()
6161
or
6262
exists(Module mod |
63-
mod = getAValueExportedBy(packageJSON).getEnclosingExpr().(Import).getImportedModule()
63+
mod = getAValueExportedByPackage().getEnclosingExpr().(Import).getImportedModule()
6464
|
6565
result = getAnExportFromModule(mod)
6666
)
6767
or
68-
exists(DataFlow::ClassNode cla | cla = getAValueExportedBy(packageJSON) |
68+
exists(DataFlow::ClassNode cla | cla = getAValueExportedByPackage() |
6969
result = cla.getAnInstanceMethod() or
7070
result = cla.getAStaticMethod() or
7171
result = cla.getConstructor()

0 commit comments

Comments
 (0)