Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 36a8134

Browse files
asgerfasgerf
committed
JS: ArrayIndexingAccess
1 parent b7ae62c commit 36a8134

1 file changed

Lines changed: 19 additions & 10 deletions

File tree

javascript/ql/src/semmle/javascript/Arrays.qll

Lines changed: 19 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -137,13 +137,12 @@ private module ArrayDataFlow {
137137
}
138138

139139
/**
140-
* A step for reading/writing an element from an array inside a for-loop.
141-
* E.g. a read from `foo[i]` to `bar` in `for(var i = 0; i < arr.length; i++) {bar = foo[i]}`.
140+
* A node that reads or writes an element from an array inside a for-loop.
142141
*/
143-
private class ArrayIndexingStep extends DataFlow::AdditionalFlowStep, DataFlow::Node {
142+
private class ArrayIndexingAccess extends DataFlow::Node {
144143
DataFlow::PropRef read;
145144

146-
ArrayIndexingStep() {
145+
ArrayIndexingAccess() {
147146
read = this and
148147
TTNumber() =
149148
unique(InferredType type | type = read.getPropertyNameExpr().flow().analyze().getAType()) and
@@ -154,17 +153,27 @@ private module ArrayDataFlow {
154153
i.getVariable().getADefinition().(VariableDeclarator).getDeclStmt() = init
155154
)
156155
}
156+
}
157157

158+
/**
159+
* A step for reading/writing an element from an array inside a for-loop.
160+
* E.g. a read from `foo[i]` to `bar` in `for(var i = 0; i < arr.length; i++) {bar = foo[i]}`.
161+
*/
162+
private class ArrayIndexingStep extends DataFlow::SharedFlowStep {
158163
override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
159-
prop = arrayElement() and
160-
obj = this.(DataFlow::PropRead).getBase() and
161-
element = this
164+
exists(ArrayIndexingAccess access |
165+
prop = arrayElement() and
166+
obj = access.(DataFlow::PropRead).getBase() and
167+
element = access
168+
)
162169
}
163170

164171
override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) {
165-
prop = arrayElement() and
166-
element = this.(DataFlow::PropWrite).getRhs() and
167-
this = obj.getAPropertyWrite()
172+
exists(ArrayIndexingAccess access |
173+
prop = arrayElement() and
174+
element = access.(DataFlow::PropWrite).getRhs() and
175+
access = obj.getAPropertyWrite()
176+
)
168177
}
169178
}
170179

0 commit comments

Comments
 (0)