
Commit b13c110

authored
Merge pull request #885 from asger-semmle/async-waterfall
Approved by xiemaisi
2 parents 09825f2 + ddd7219 commit b13c110

4 files changed

Lines changed: 26 additions & 4 deletions


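--- a/change-notes/1.20/analysis-javascript.md
+++ b/change-notes/1.20/analysis-javascript.md
@@ -6,6 +6,7 @@
 - client-side code, for example [React](https://reactjs.org/)
 - cookies and webstorage, for example [js-cookie](https://github.com/js-cookie/js-cookie)
 - server-side code, for example [hapi](https://hapijs.com/)
+- asynchronous code, for example [a-sync-waterfall](https://www.npmjs.com/package/a-sync-waterfall)
 * File classification has been improved to recognize additional generated files, for example files from [HTML Tidy](html-tidy.org).
 
 * The taint tracking library now recognizes flow through persistent storage, class fields, and callbacks in certain cases. This may give more results for the security queries.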

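--- a/javascript/ql/src/semmle/javascript/frameworks/AsyncPackage.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/AsyncPackage.qll
@@ -29,7 +29,10 @@ module AsyncPackage {
 * A call to `async.waterfall`.
 */
 class Waterfall extends DataFlow::InvokeNode {
-Waterfall() { this = member("waterfall").getACall() }
+Waterfall() {
+this = member("waterfall").getACall() or
+this = DataFlow::moduleImport("a-sync-waterfall").getACall()
+}
 
 /**
 * Gets the array of tasks, if it can be found.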
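Review bot: The doc comment on `class Waterfall` still says it is a call to `async.waterfall`, but the new characteristic predicate also matches any call to the function exported by `a-sync-waterfall`, so the comment no longer describes what the class covers. Because this class feeds the taint steps that the security queries rely on, the comment should name both sources, for example `* A call to async.waterfall, or to the function exported by the a-sync-waterfall package.` The comment opens outside this hunk, and the enclosing `AsyncPackage` module's own description (not visible here) may need the same update if it says the module models only the `async` package.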

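--- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected
+++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected
@@ -3,6 +3,8 @@
 | map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result |
 | map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result |
 | sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result |
-| waterfall.js:7:30:7:37 | source() | waterfall.js:10:12:10:16 | taint |
-| waterfall.js:7:30:7:37 | source() | waterfall.js:19:10:19:14 | taint |
-| waterfall.js:27:18:27:25 | source() | waterfall.js:38:10:38:12 | err |
+| waterfall.js:8:30:8:37 | source() | waterfall.js:11:12:11:16 | taint |
+| waterfall.js:8:30:8:37 | source() | waterfall.js:20:10:20:14 | taint |
+| waterfall.js:28:18:28:25 | source() | waterfall.js:39:10:39:12 | err |
+| waterfall.js:46:22:46:29 | source() | waterfall.js:49:12:49:16 | taint |
+| waterfall.js:46:22:46:29 | source() | waterfall.js:55:10:55:14 | taint |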

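--- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/waterfall.js
+++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/waterfall.js
@@ -1,4 +1,5 @@
 let async_ = require('async');
+let waterfall = require('a-sync-waterfall');
 
 var source, sink, somethingWrong;
 
@@ -39,3 +40,18 @@ async_.waterfall([
 sink(safe); // OK
 }
 );
+
+waterfall([
+function(callback) {
+callback(null, source());
+},
+function(taint, callback) {
+sink(taint); // NOT OK
+callback(null, taint);
+}
+],
+function(err, taint) {
+sink(err); // OK
+sink(taint); // NOT OK
+}
+);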
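Review bot: The new `a-sync-waterfall` case in the second hunk only exercises the result path, so nothing checks that a tainted first argument to `callback` reaches `err` in the final callback. The `async_` cases do cover this: the expected output lists a flow from `source()` at line 28 to `err` at line 39. Since both packages now share the `Waterfall` model, a matching error-path case would catch a missed flow if the two ever diverge; it assumes `a-sync-waterfall` forwards the error to the final callback the same way, which should be confirmed against the package. Appending it at the end of the file leaves the existing expected rows unchanged and adds one new row.

```javascript
// … unchanged: existing a-sync-waterfall result-path case …

waterfall([
    function(callback) {
      callback(source());
    }
  ],
  function(err) {
    sink(err); // NOT OK
  }
);
```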
