
Commit 7315a2b

committed
JS: Make type tracking work through access paths
1 parent 2105e0b commit 7315a2b

3 files changed

Lines changed: 35 additions & 2 deletions


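--- a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -43,7 +43,8 @@ module DataFlow {
 } or
 THtmlAttributeNode(HTML::Attribute attr) or
 TExceptionalFunctionReturnNode(Function f) or
-TExceptionalInvocationReturnNode(InvokeExpr e)
+TExceptionalInvocationReturnNode(InvokeExpr e) or
+TGlobalAccessPathRoot()
 
 /**
 * A node in the data flow graph.
@@ -912,6 +913,20 @@ module DataFlow {
 DataFlow::InvokeNode getInvocation() { result = invoke.flow() }
 }
 
+/**
+* A pseudo-node representing the root of a global access path.
+*/
+private class GlobalAccessPathRoot extends TGlobalAccessPathRoot, DataFlow::Node {
+override string toString() { result = "global access path" }
+}
+
+/**
+* INTERNAL. DO NOT USE.
+*
+* Gets a pseudo-node representing the root of a global access path.
+*/
+DataFlow::Node globalAccessPathRootPseudoNode() { result instanceof TGlobalAccessPathRoot }
+
 /**
 * Provides classes representing various kinds of calls.
 *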
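Review bot: `GlobalAccessPathRoot` in the second hunk is a `DataFlow::Node` with no underlying program element, and the class as added overrides only `toString()`, so it is worth confirming what `hasLocationInfo` yields for it; the defaults on `DataFlow::Node` are outside this hunk. If the node can reach a `select` clause through a query that ranges over all nodes, it would appear as a result without a usable location. The class doc comment could also state that `TGlobalAccessPathRoot()` takes no arguments, so a single node is shared by all global access paths, and that it exists only as the intermediate target of type-tracking store and load steps.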

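--- a/javascript/ql/src/semmle/javascript/dataflow/Sources.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Sources.qll
@@ -250,6 +250,8 @@ module SourceNode {
 DataFlow::thisNode(this, _)
 or
 this = DataFlow::destructuredModuleImportNode(_)
+or
+this = DataFlow::globalAccessPathRootPseudoNode()
 }
 }
 }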
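Review bot: The new last disjunct makes a synthetic node part of the source-node range with no comment saying why, so every query that enumerates source nodes now also ranges over the access-path root. A one-line comment above it would record the intent, for example `// the global access path root must be a source node so that type tracking can step to and from it` (presumably the reason; confirm against the signature of the type-tracking step predicate). The enclosing predicate begins outside the hunk.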

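--- a/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
@@ -10,7 +10,11 @@ private import javascript
 private import internal.FlowSteps
 
 private class PropertyName extends string {
-PropertyName() { this = any(DataFlow::PropRef pr).getPropertyName() }
+PropertyName() {
+this = any(DataFlow::PropRef pr).getPropertyName()
+or
+GlobalAccessPath::isAssignedInUniqueFile(this)
+}
 }
 
 private class OptionalPropertyName extends string {
@@ -89,6 +93,18 @@ module StepSummary {
 or
 any(AdditionalTypeTrackingStep st).step(pred, succ) and
 summary = LevelStep()
+or
+exists(string name |
+name = GlobalAccessPath::fromRhs(pred) and
+succ = DataFlow::globalAccessPathRootPseudoNode() and
+summary = StoreStep(name)
+)
+or
+exists(string name |
+name = GlobalAccessPath::fromReference(succ) and
+pred = DataFlow::globalAccessPathRootPseudoNode() and
+summary = LoadStep(name)
+)
 }
 }
 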
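Review bot: Both new disjuncts at the end of this predicate declare `name` as a plain `string`, so the only thing restricting which global access paths get a store or load step is, presumably, the `PropertyName` parameter type of `StoreStep`/`LoadStep`, which is declared outside this hunk. Writing `exists(PropertyName name |` in both places would make the dependence on the `isAssignedInUniqueFile` clause added in the first hunk visible where it matters. Because every access path is routed through one shared pseudo-node, that filter is what keeps unrelated files defining the same global name from being linked, and queries that recognise API objects by type tracking inherit any imprecision here. None of the three files in this commit is a test; a case with one global name assigned in two files would pin the intended behaviour. The enclosing predicate starts outside the hunk.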
