Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d7a47e8

Browse files
erik-krogherik-krogh
committed
add support for the promise-polyfill polyfill
1 parent f095e19 commit d7a47e8

4 files changed

Lines changed: 20 additions & 1 deletion

File tree

javascript/change-notes/2021-06-18-promises.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,4 +2,5 @@ lgtm,codescanning
22
* The security queries now track flow through various `Promise` polyfills.
33
Affected packages are
44
[kew](https://npmjs.com/package/kew),
5-
[promise](https://npmjs.com/package/promise)
5+
[promise](https://npmjs.com/package/promise),
6+
[promise-polyfill](https://npmjs.com/package/promise-polyfill)

javascript/ql/src/semmle/javascript/Promises.qll

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,11 @@ private DataFlow::SourceNode getAPromiseObject() {
7272
"promise", "promise/domains", "promise/setimmediate", "promise/lib/es6-extensions",
7373
"promise/domains/es6-extensions", "promise/setimmediate/es6-extensions"
7474
])
75+
or
76+
// polyfill from the [`promise-polyfill`](https://npmjs.org/package/promise-polyfill) library.
77+
result = DataFlow::moduleMember(["promise-polyfill", "promise-polyfill/src/polyfill"], "default")
78+
or
79+
result = DataFlow::moduleImport(["promise-polyfill", "promise-polyfill/src/polyfill"])
7580
}
7681

7782
/**

javascript/ql/test/library-tests/Promises/promises.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,3 +99,10 @@
9999
PromiseA.resolve(source);
100100
PromiseB.resolve(source);
101101
})();
102+
103+
(function() {
104+
var PromiseA = require('promise-polyfill').default;
105+
import PromiseB from 'promise-polyfill';
106+
PromiseA.resolve(source);
107+
PromiseB.resolve(source);
108+
})();

javascript/ql/test/library-tests/Promises/tests.expected

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@ test_ResolvedPromiseDefinition
3838
| promises.js:79:19:79:41 | Promise ... source) | promises.js:79:35:79:40 | source |
3939
| promises.js:99:3:99:26 | Promise ... source) | promises.js:99:20:99:25 | source |
4040
| promises.js:100:3:100:26 | Promise ... source) | promises.js:100:20:100:25 | source |
41+
| promises.js:106:3:106:26 | Promise ... source) | promises.js:106:20:106:25 | source |
42+
| promises.js:107:3:107:26 | Promise ... source) | promises.js:107:20:107:25 | source |
4143
test_PromiseDefinition_getARejectHandler
4244
| flow.js:26:2:26:49 | new Pro ... ource)) | flow.js:26:69:26:80 | y => sink(y) |
4345
| flow.js:32:2:32:49 | new Pro ... ource)) | flow.js:32:57:32:68 | x => sink(x) |
@@ -413,3 +415,7 @@ typetrack
413415
| promises.js:99:3:99:26 | Promise ... source) | promises.js:99:20:99:25 | source | store $PromiseResolveField$ |
414416
| promises.js:100:3:100:26 | Promise ... source) | promises.js:100:20:100:25 | source | copy $PromiseResolveField$ |
415417
| promises.js:100:3:100:26 | Promise ... source) | promises.js:100:20:100:25 | source | store $PromiseResolveField$ |
418+
| promises.js:106:3:106:26 | Promise ... source) | promises.js:106:20:106:25 | source | copy $PromiseResolveField$ |
419+
| promises.js:106:3:106:26 | Promise ... source) | promises.js:106:20:106:25 | source | store $PromiseResolveField$ |
420+
| promises.js:107:3:107:26 | Promise ... source) | promises.js:107:20:107:25 | source | copy $PromiseResolveField$ |
421+
| promises.js:107:3:107:26 | Promise ... source) | promises.js:107:20:107:25 | source | store $PromiseResolveField$ |

0 commit comments

Comments
 (0)