
Commit 0fd9d15

committed
JS: add DataFlow::Node.getStringValue()
1 parent c133362 commit 0fd9d15

10 files changed

Lines changed: 15 additions & 12 deletions


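--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -19,7 +19,7 @@ class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "IncompleteHostnameRegExpTracking" }
 
 override predicate isSource(DataFlow::Node source) {
-isIncompleteHostNameRegExpPattern(source.asExpr().getStringValue(), _)
+isIncompleteHostNameRegExpPattern(source.getStringValue(), _)
 }
 
 override predicate isSink(DataFlow::Node sink) { isInterpretedAsRegExp(sink) }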

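--- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -76,7 +76,7 @@ predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) {
 exists(IndexOfCall call | operand = call.getAnOperand() |
 length = getStringSource(operand).getAPropertyRead("length")
 or
-exists(string val | val = operand.asExpr().getStringValue() |
+exists(string val | val = operand.getStringValue() |
 // Find a literal length with the same string constant
 exists(LiteralLengthExpr lengthExpr |
 lengthExpr.getContainer() = call.getContainer() and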

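--- a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+++ b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
@@ -85,7 +85,7 @@ class Replacement extends DataFlow::Node {
 exists(DataFlow::MethodCallNode mcn |
 mcn = this and
 input = getStringValue(pattern) and
-output = mcn.getArgument(1).asExpr().getStringValue()
+output = mcn.getArgument(1).getStringValue()
 )
 }
 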

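--- a/javascript/ql/src/semmle/javascript/DOM.qll
+++ b/javascript/ql/src/semmle/javascript/DOM.qll
@@ -111,7 +111,7 @@ module DOM {
 /**
 * Gets the value of this attribute, if it can be determined.
 */
-string getStringValue() { result = getValueNode().asExpr().getStringValue() }
+string getStringValue() { result = getValueNode().getStringValue() }
 
 /**
 * Gets the DOM element this attribute belongs to.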

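--- a/javascript/ql/src/semmle/javascript/StringConcatenation.qll
+++ b/javascript/ql/src/semmle/javascript/StringConcatenation.qll
@@ -104,6 +104,6 @@ module StringConcatenation {
 */
 predicate isCoercion(DataFlow::Node node) {
 getNumOperand(node) = 2 and
-getOperand(node, _).asExpr().getStringValue() = ""
+getOperand(node, _).getStringValue() = ""
 }
 }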

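--- a/javascript/ql/src/semmle/javascript/StringOps.qll
+++ b/javascript/ql/src/semmle/javascript/StringOps.qll
@@ -162,7 +162,7 @@ module StringOps {
 (
 substring.getALocalSource().getAPropertyRead("length").flowsTo(call.getArgument(1))
 or
-substring.asExpr().getStringValue().length() = call.getArgument(1).asExpr().getIntValue()
+substring.getStringValue().length() = call.getArgument(1).asExpr().getIntValue()
 )
 }
 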
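Review bot: The changed comparison on line 165 is now written in two styles: the left side uses the new node-level `substring.getStringValue()`, while the right side still unwraps by hand with `call.getArgument(1).asExpr().getIntValue()`. This commit only adds a string accessor to `DataFlow::Node`, so the asymmetry is expected here. If an integer counterpart exists on the node class outside this diff, or is added later, the line would read more evenly as `substring.getStringValue().length() = call.getArgument(1).getIntValue()`. The enclosing predicate begins and ends outside the hunk.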

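--- a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -97,9 +97,12 @@ module DataFlow {
 */
 predicate accessesGlobal(string g) { globalVarRef(g).flowsTo(this) }
 
-/** Holds if this node may evaluate to the string `s`. */
+/** Holds if this node may evaluate to the string `s`, possibly through local data flow. */
 predicate mayHaveStringValue(string s) { getAPredecessor().mayHaveStringValue(s) }
 
+/** Gets the string value of this node, if it is a string literal or constant string concatenation. */
+string getStringValue() { result = asExpr().getStringValue() }
+
 /** Holds if this node may evaluate to the Boolean value `b`. */
 predicate mayHaveBooleanValue(boolean b) {
 b = analyze().getAValue().(AbstractBoolean).getBooleanValue()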
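Review bot: The doc comment on the new `getStringValue()` (new line 103) does not say how it differs from `mayHaveStringValue` directly above it, and the similar names make the two easy to confuse in security queries. Because the body is `result = asExpr().getStringValue()`, it has a result only when the node itself wraps a constant string expression and does not follow data flow; presumably it also has no result for nodes with no underlying expression. I would spell that out, for example `/** Gets the string value of this node, if it is a string literal or constant string concatenation. Unlike mayHaveStringValue, this does not follow data flow. */`. The choice matters to callers: a sanitizer or sink check built on `getStringValue()` only recognises syntactic constants. The enclosing class begins and ends outside the hunk.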

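--- a/javascript/ql/src/semmle/javascript/frameworks/CryptoLibraries.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -276,7 +276,7 @@ private module BrowserIdCrypto {
 mod = DataFlow::moduleImport("browserid-crypto") and
 keygen = mod.getAMemberCall("generateKeypair") and
 algorithmNameNode = keygen.getOptionArgument(0, "algorithm") and
-algorithm.matchesName(algorithmNameNode.asExpr().getStringValue()) and
+algorithm.matchesName(algorithmNameNode.getStringValue()) and
 callback = keygen.getCallback(1) and
 this = mod.getAMemberCall("sign").asExpr()
 )
@@ -319,7 +319,7 @@ private module NodeJSCrypto {
 |
 mod = DataFlow::moduleImport("crypto") and
 this = mod.getAMemberCall("create" + createSuffix) and
-algorithm.matchesName(getArgument(0).asExpr().getStringValue())
+algorithm.matchesName(getArgument(0).getStringValue())
 )
 }
 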
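Review bot: The algorithm name is still resolved only when the argument is itself a constant string expression: `getArgument(0).getStringValue()` in the NodeJSCrypto hunk (new line 322), and likewise `algorithmNameNode.getStringValue()` in the BrowserIdCrypto hunk (new line 279). Going by the doc comment this commit adds in DataFlow.qll, neither has a result when the name reaches the call through a variable, so those calls would likely not be classified by algorithm and a weak-algorithm query built on this model would miss them. If indirect names should be covered, `exists(string name | getArgument(0).mayHaveStringValue(name) | algorithm.matchesName(name))` looks like the better fit. That changes query results, so it belongs in a separate change with test updates rather than in this refactor. Both characteristic predicates begin outside their hunks.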

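--- a/javascript/ql/src/semmle/javascript/security/dataflow/UrlConcatenation.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UrlConcatenation.qll
@@ -13,7 +13,7 @@ import javascript
 * Specifically, this holds if the string contains `?` or `#`.
 */
 private predicate hasSanitizingSubstring(DataFlow::Node nd) {
-nd.asExpr().getStringValue().regexpMatch(".*[?#].*")
+nd.getStringValue().regexpMatch(".*[?#].*")
 or
 hasSanitizingSubstring(StringConcatenation::getAnOperand(nd))
 or
@@ -48,7 +48,7 @@ predicate sanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) {
 * the `//` separating the (optional) scheme from the hostname.
 */
 private predicate hasHostnameSanitizingSubstring(DataFlow::Node nd) {
-nd.asExpr().getStringValue().regexpMatch(".*([?#]|[^?#:/\\\\][/\\\\]).*")
+nd.getStringValue().regexpMatch(".*([?#]|[^?#:/\\\\][/\\\\]).*")
 or
 hasHostnameSanitizingSubstring(StringConcatenation::getAnOperand(nd))
 or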

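--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -67,7 +67,7 @@ module DomBasedXss {
 // _may_ be interpreted as HTML
 not exists(DataFlow::Node prefix, string strval |
 isPrefixOfJQueryHtmlString(astNode, prefix) and
-strval = prefix.asExpr().getStringValue() and
+strval = prefix.getStringValue() and
 not strval.regexpMatch("\\s*<.*")
 ) and
 not isDocumentURL(astNode)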
