Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c2fb146

Browse files
author
Esben Sparre Andreasen
committed
JS: move isDefensiveInit to DefensiveProgramming.qll
1 parent 2f0e693 commit c2fb146

2 files changed

Lines changed: 29 additions & 24 deletions

File tree

javascript/ql/src/Statements/UselessConditional.ql

Lines changed: 2 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -15,29 +15,7 @@
1515
import javascript
1616
import semmle.javascript.RestrictedLocations
1717
import semmle.javascript.dataflow.Refinements
18-
19-
/**
20-
* Holds if `va` is a defensive truthiness check that may be worth keeping, even if it
21-
* is strictly speaking useless.
22-
*
23-
* We currently recognize three patterns:
24-
*
25-
* - the first `x` in `x || (x = e)`
26-
* - the second `x` in `x = (x || e)`
27-
* - the second `x` in `var x = x || e`
28-
*/
29-
predicate isDefensiveInit(VarAccess va) {
30-
exists (LogOrExpr o, VarRef va2 |
31-
va = o.getLeftOperand().getUnderlyingReference() and va2.getVariable() = va.getVariable() |
32-
exists (AssignExpr assgn | va2 = assgn.getTarget() |
33-
assgn = o.getRightOperand().stripParens() or
34-
o = assgn.getRhs().getUnderlyingValue()
35-
) or
36-
exists (VariableDeclarator vd | va2 = vd.getBindingPattern() |
37-
o = vd.getInit().getUnderlyingValue()
38-
)
39-
)
40-
}
18+
import semmle.javascript.DefensiveProgramming
4119

4220
/**
4321
* Holds if variable `v` looks like a symbolic constant, that is, it is assigned
@@ -109,7 +87,7 @@ predicate isConstantBooleanReturnValue(Expr e) {
10987
predicate whitelist(Expr e) {
11088
isConstant(e) or
11189
isConstant(e.(LogNotExpr).getOperand()) or
112-
isDefensiveInit(e) or
90+
e.flow() instanceof DefensiveInit or
11391
isInitialParameterUse(e) or
11492
isConstantBooleanReturnValue(e)
11593
}
Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
import javascript
2+
3+
/**
4+
* A defensive truthiness check that may be worth keeping, even if it
5+
* is strictly speaking useless.
6+
*
7+
* We currently recognize three patterns:
8+
*
9+
* - the first `x` in `x || (x = e)`
10+
* - the second `x` in `x = (x || e)`
11+
* - the second `x` in `var x = x || e`
12+
*/
13+
class DefensiveInit extends DataFlow::ValueNode {
14+
DefensiveInit() {
15+
exists(VarAccess va, LogOrExpr o, VarRef va2 |
16+
va = astNode and
17+
va = o.getLeftOperand().stripParens() and va2.getVariable() = va.getVariable() |
18+
exists(AssignExpr assgn | va2 = assgn.getTarget() |
19+
assgn = o.getRightOperand().stripParens() or
20+
o = assgn.getRhs().stripParens()
21+
)
22+
or
23+
exists(VariableDeclarator vd | va2 = vd.getBindingPattern() | o = vd.getInit().stripParens())
24+
)
25+
}
26+
27+
}

0 commit comments

Comments
 (0)