

Commit bdc409c

committed
JS: Move getACallee into CallGraphs module
1 parent 4a0e54a commit bdc409c

2 files changed

Lines changed: 25 additions & 13 deletions


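--- a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -141,19 +141,8 @@ class InvokeNode extends DataFlow::SourceNode {
 * This predicate can be overridden to alter the call graph used by the interprocedural
 * data flow libraries.
 */
-cached
 Function getACallee(int imprecision) {
-CallGraph::getAFunctionReference(result.flow(), imprecision).flowsTo(getCalleeNode())
-or
-imprecision = 0 and
-exists(InvokeExpr expr | expr = this.(DataFlow::Impl::ExplicitInvokeNode).asExpr() |
-result = expr.getResolvedCallee()
-or
-exists(DataFlow::ClassNode cls |
-expr.(SuperCall).getBinder() = cls.getConstructor().getFunction() and
-result = cls.getADirectSuperClass().getConstructor().getFunction()
-)
-)
+result = CallGraph::getACallee(this, imprecision).getFunction()
 }
 
 /**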
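Review bot: The doc comment on `getACallee(int imprecision)` still says only that the predicate can be overridden, but the default now comes from `CallGraph::getACallee`, whose own doc says it does not include custom call edges. Callers that need overridden edges must therefore keep going through this member, and the comment should say so, for example `* The default implementation delegates to CallGraph::getACallee, which does not see overrides of this predicate.` The `cached` annotation also leaves the member and now sits on the module predicate; that looks intentional, but it is worth confirming that overriding subclasses are not evaluated differently as a result. The doc comment and the enclosing `InvokeNode` class both begin above the hunk.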

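--- a/javascript/ql/src/semmle/javascript/dataflow/internal/CallGraphs.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/internal/CallGraphs.qll
@@ -19,6 +19,9 @@ module CallGraph {
 
 /**
 * Gets a data flow node that refers to the given function.
+*
+* Note that functions are not currently type-tracked, but this exposes the type-tracker `t`
+* from underlying class tracking if the function came from a class or instance.
 */
 pragma[nomagic]
 private
@@ -119,8 +122,28 @@ module CallGraph {
 or
 exists(DataFlow::ClassNode subclass |
 result = getAnInstanceMemberAccess(subclass, name, t) and
-not exists(subclass.getAnInstanceMember(name)) and
+not exists(subclass.getInstanceMember(name, _)) and
 cls = subclass.getADirectSuperClass()
 )
 }
+
+/**
+* Gets a possible callee of `node` with the given `imprecision`.
+*
+* Does not include custom call edges.
+*/
+cached
+DataFlow::FunctionNode getACallee(DataFlow::InvokeNode node, int imprecision) {
+getAFunctionReference(result, imprecision).flowsTo(node.getCalleeNode())
+or
+imprecision = 0 and
+exists(InvokeExpr expr | expr = node.(DataFlow::Impl::ExplicitInvokeNode).asExpr() |
+result.getFunction() = expr.getResolvedCallee()
+or
+exists(DataFlow::ClassNode cls |
+expr.(SuperCall).getBinder() = cls.getConstructor().getFunction() and
+result = cls.getADirectSuperClass().getConstructor()
+)
+)
+}
 }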
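Review bot: The switch at new line 125 from `subclass.getAnInstanceMember(name)` to `subclass.getInstanceMember(name, _)` changes which inherited member accesses resolve through the superclass, yet the commit is titled as a pure move. If the old call was binding `name` to a member-kind parameter rather than to the member name (not verifiable from this hunk), this is a bug fix. It then deserves a mention in the commit message and a test with a subclass that shadows a superclass member, because these edges feed the interprocedural data flow libraries. Separately, the QLDoc on the new `getACallee` could say what `imprecision` means; the second disjunct suggests something like `* An imprecision of 0 indicates a precisely resolved callee.`, to be confirmed against the original documentation. The predicate containing line 125 begins above the hunk.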
