Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 480be06

Browse files
esbenaesbena
committed
JS: replace Model class with opaque type tracking predicate
1 parent dbeb216 commit 480be06

1 file changed

Lines changed: 20 additions & 21 deletions

File tree

  • javascript/ql/src/semmle/javascript/frameworks

javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll

Lines changed: 20 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -210,24 +210,23 @@ private module Mongoose {
210210
}
211211

212212
/**
213-
* A Mongoose collection object.
213+
* Gets a data flow node referring to a Mongoose model object.
214214
*/
215-
class Model extends DataFlow::SourceNode {
216-
Model() {
217-
this = getAMongooseInstance().getAMemberCall("model") or
218-
this.hasUnderlyingType("mongoose", "Model")
219-
}
220-
221-
private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
222-
result = this and
223-
t.start()
224-
or
225-
exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
226-
}
227-
228-
DataFlow::SourceNode ref() { result = ref(DataFlow::TypeTracker::end()) }
215+
private DataFlow::SourceNode getAModel(DataFlow::TypeTracker t) {
216+
(
217+
result = getAMongooseInstance().getAMemberCall("model") or
218+
result.hasUnderlyingType("mongoose", "Model")
219+
) and
220+
t.start()
221+
or
222+
exists(DataFlow::TypeTracker t2 | result = getAModel(t2).track(t2, t))
229223
}
230224

225+
/**
226+
* Gets a data flow node referring to a Mongoose model object.
227+
*/
228+
DataFlow::SourceNode getAModel() { result = getAModel(DataFlow::TypeTracker::end()) }
229+
231230
/**
232231
* Provides signatures for the Model methods.
233232
*/
@@ -398,9 +397,9 @@ private module Mongoose {
398397
*/
399398
private class QueryFromModel extends DataFlow::MethodCallNode {
400399
QueryFromModel() {
401-
exists(string name, Model m |
400+
exists(string name |
402401
ModelMethodSignatures::returnsQuery(name) and
403-
m.ref().getAMethodCall(name) = this
402+
getAModel().getAMethodCall(name) = this
404403
)
405404
}
406405
}
@@ -460,9 +459,9 @@ private module Mongoose {
460459
*/
461460
class MongoDBQueryPart extends NoSQL::Query {
462461
MongoDBQueryPart() {
463-
exists(Model m, DataFlow::MethodCallNode mcn, string method, int n |
462+
exists(DataFlow::MethodCallNode mcn, string method, int n |
464463
ModelMethodSignatures::interpretsArgumentAsQuery(method, n) and
465-
mcn = m.ref().getAMethodCall(method) and
464+
mcn = getAModel().getAMethodCall(method) and
466465
this = mcn.getArgument(n).asExpr()
467466
)
468467
or
@@ -483,9 +482,9 @@ private module Mongoose {
483482
MongoDBQueryEvaluation() {
484483
this = mcn and
485484
(
486-
exists(Model m, string method |
485+
exists(string method |
487486
ModelMethodSignatures::returnsQuery(method) and
488-
mcn = m.ref().getAMethodCall(method) and
487+
mcn = getAModel().getAMethodCall(method) and
489488
// callback provided to a Model method call
490489
exists(mcn.getCallback(mcn.getNumArgument() - 1))
491490
)

0 commit comments

Comments
 (0)