
Commit 687b7f0

author
Esben Sparre Andreasen
committed
JS: exclude direct flow from the RHS in a destructuring assignment
1 parent f333419 commit 687b7f0

6 files changed

Lines changed: 26 additions & 7 deletions


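--- a/javascript/ql/src/Declarations/DeadStoreOfLocal.ql
+++ b/javascript/ql/src/Declarations/DeadStoreOfLocal.ql
@@ -19,7 +19,7 @@ import DeadStore
 */
 predicate deadStoreOfLocal(VarDef vd, PurelyLocalVariable v) {
 v = vd.getAVariable() and
-exists(vd.getSource()) and
+(exists(vd.getSource()) or exists(vd.getDestructuringSource())) and
 // the definition is not in dead code
 exists(ReachableBasicBlock rbb | vd = rbb.getANode()) and
 // but it has no associated SSA definition, that is, it is dead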

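--- a/javascript/ql/src/semmle/javascript/DefUse.qll
+++ b/javascript/ql/src/semmle/javascript/DefUse.qll
@@ -187,9 +187,23 @@ class VarDef extends ControlFlowNode {
 * the value that this definition assigns to its target.
 *
 * This predicate is not defined for `VarDef`s where the source is implicit,
-* such as `for-in` loops or parameters.
+* such as `for-in` loops, parameters or destructuring assignments.
 */
-AST::ValueNode getSource() { defn(this, _, result) }
+AST::ValueNode getSource() {
+exists(Expr target |
+not target instanceof DestructuringPattern and defn(this, target, result)
+)
+}
+
+/**
+* Gets the source that this definition destructs, that is, the
+* right hand side of a destructuring assignment.
+*/
+AST::ValueNode getDestructuringSource() {
+exists(Expr target |
+target instanceof DestructuringPattern and defn(this, target, result)
+)
+}
 
 /**
 * Holds if this definition of `v` is overwritten by another definition, that is,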
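Review bot: The updated doc comment on `getSource()` lists destructuring assignments next to `for-in` loops and parameters as cases where the source is implicit, but the right-hand side of `var {v} = e` is explicit and is now reachable only through `getDestructuringSource()`. The comment should point there, for example `* For destructuring assignments, use getDestructuringSource() to get the right-hand side.` Because `getSource()` is a member of `VarDef` and now silently stops holding for these definitions, any query outside this commit that uses it for a flow or taint step would lose results without a compile error. Those callers are not visible here, so a change note and a check of the remaining uses look warranted. In the new doc comment, `destructs` should read `destructures`.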

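--- a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -992,7 +992,9 @@ module DataFlow {
 * flow through IIFE calls into account.
 */
 private AST::ValueNode defSourceNode(VarDef def) {
-result = def.getSource() or localArgumentPassing(result, def)
+result = def.getSource() or
+result = def.getDestructuringSource() or
+localArgumentPassing(result, def)
 }
 
 /**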
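Review bot: The doc comment above `defSourceNode` (it begins outside the hunk) is not updated for the new disjunct `result = def.getDestructuringSource()`. Nothing tells a reader that for `var {v} = e` the result is the whole destructured value `e` rather than the value assigned to `v`. A line such as `* For destructuring assignments, the result is the right-hand side being destructured.` would record that. Whether every consumer of `defSourceNode` treats this node as the pattern's value and not the variable's value cannot be checked from this hunk and should be confirmed, because an over-approximate step here would surface as spurious flow in taint-tracking queries.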

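--- a/javascript/ql/src/semmle/javascript/dataflow/internal/VariableTypeInference.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/internal/VariableTypeInference.qll
@@ -53,9 +53,7 @@ private class SsaVarAccessWithNonLocalAnalysis extends SsaVarAccessAnalysis {
 exists(VarDef varDef |
 varDef = def.(SsaExplicitDefinition).getDef() and
 varDef.getSource().flow() = src and
-src instanceof CallWithNonLocalAnalyzedReturnFlow and
-// avoid relating `v` and `f()` in `var {v} = f();`
-not varDef.getTarget() instanceof DestructuringPattern
+src instanceof CallWithNonLocalAnalyzedReturnFlow
 )
 }
 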
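Review bot: With the `DestructuringPattern` guard and its comment removed, nothing at this call site explains why `v` and `f()` in `var {v} = f();` are not related. The exclusion now depends entirely on `getSource()` being undefined for destructuring definitions, which a later change to `VarDef` could undo unnoticed. A one-line comment keeps that dependency visible, e.g. `// getSource() does not hold for destructuring assignments, so "var {v} = f();" is not matched here`. The enclosing predicate starts outside the hunk.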

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
| tst.js:23:6:23:23 | {a = b, c = d} = e | tst.js:23:23:23:23 | e |
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
import javascript
2+
3+
from VarDef d
4+
select d, d.getDestructuringSource()
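Review bot: The new test query selects only `d.getDestructuringSource()`, so the other half of the change, that `getSource()` no longer holds for a destructuring definition, is not pinned by any expected output in this commit. A companion query with an empty expected result would catch a regression, for example `from VarDef d where exists(d.getDestructuringSource()) and exists(d.getSource()) select d`. The single expected row covers an object pattern with defaults. Whether `tst.js` also exercises array or nested patterns cannot be seen from this page and is worth checking.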
