Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 5d9778c

Browse files
asgerfasgerf
committed
JS: Step through babel.transform
1 parent 3e67eba commit 5d9778c

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

  • javascript/ql/src/semmle/javascript/frameworks

javascript/ql/src/semmle/javascript/frameworks/Babel.qll

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -188,4 +188,20 @@ module Babel {
188188
/** Gets the name of the variable used to create JSX elements. */
189189
string getJsxFactoryVariableName() { result = getOption("pragma").(JSONString).getValue() }
190190
}
191+
192+
/**
193+
* A taint step through a call to the Babel `transform` function.
194+
*/
195+
private class TransformTaintStep extends TaintTracking::SharedTaintStep {
196+
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
197+
exists(DataFlow::CallNode call |
198+
call =
199+
API::moduleImport(["@babel/standalone", "@babel/core"])
200+
.getMember(["transform", "transformSync"])
201+
.getACall() and
202+
pred = call.getArgument(0) and
203+
succ = call
204+
)
205+
}
206+
}
191207
}

0 commit comments

Comments
 (0)