Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit eb10f60

Browse files
author
Esben Sparre Andreasen
committed
JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver
1 parent 1220b50 commit eb10f60

3 files changed

Lines changed: 25 additions & 4 deletions

File tree

javascript/ql/src/Expressions/UnboundEventHandlerReceiver.ql

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
import javascript
1111

1212
/**
13-
* Holds if the receiver of `method` is bound in a method of its class.
13+
* Holds if the receiver of `method` is bound.
1414
*/
1515
private predicate isBoundInMethod(MethodDeclaration method) {
1616
exists (DataFlow::ThisNode thiz, MethodDeclaration bindingMethod, string name |
@@ -38,6 +38,15 @@ private predicate isBoundInMethod(MethodDeclaration method) {
3838
)
3939
)
4040
)
41+
or
42+
exists (Expr decoration, string name |
43+
decoration = method.getADecorator().getExpression() and
44+
name.regexpMatch("(?i).*(bind|bound).*") |
45+
// @autobind
46+
decoration.(Identifier).getName() = name or
47+
// @action.bound
48+
decoration.(PropAccess).getPropertyName() = name
49+
)
4150
}
4251

4352
/**

javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/UnboundEventHandlerReceiver.expected

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
1-
| tst.js:8:18:8:40 | onClick ... bound1} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:35:9:35:12 | this | this | tst.js:34:5:36:5 | unbound ... ;\\n } | unbound1 |
2-
| tst.js:9:18:9:40 | onClick ... bound2} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:39:15:39:18 | this | this | tst.js:38:5:40:5 | unbound ... ;\\n } | unbound2 |
3-
| tst.js:10:18:10:35 | onClick={unbound3} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:43:15:43:18 | this | this | tst.js:42:5:44:5 | unbound ... ;\\n } | unbound3 |
1+
| tst.js:8:18:8:40 | onClick ... bound1} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:37:9:37:12 | this | this | tst.js:36:5:38:5 | unbound ... ;\\n } | unbound1 |
2+
| tst.js:9:18:9:40 | onClick ... bound2} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:41:15:41:18 | this | this | tst.js:40:5:42:5 | unbound ... ;\\n } | unbound2 |
3+
| tst.js:10:18:10:35 | onClick={unbound3} | The receiver of this event handler call is unbound, `$@` will be `undefined` in the call to $@ | tst.js:45:15:45:18 | this | this | tst.js:44:5:46:5 | unbound ... ;\\n } | unbound3 |

javascript/ql/test/query-tests/Expressions/UnboundEventHandlerReceiver/tst.js

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ class Component extends React.Component {
1717
<div onClick={this.bound_throughNonSyntacticBindInConstructor}/> // OK
1818
<div onClick={this.bound_throughBindAllInConstructor1}/> // OK
1919
<div onClick={this.bound_throughBindAllInConstructor2}/> // OK
20+
<div onClick={this.bound_throughDecorator_autobind}/> // OK
21+
<div onClick={this.bound_throughDecorator_actionBound}/> // OK
2022
</div>
2123
}
2224

@@ -87,6 +89,16 @@ class Component extends React.Component {
8789
this.setState({ });
8890
}
8991

92+
@autobind
93+
bound_throughDecorator_autobind() {
94+
this.setState({ });
95+
}
96+
97+
@action.bound
98+
bound_throughDecorator_actionBound() {
99+
this.setState({ });
100+
}
101+
90102
}
91103

92104
// semmle-extractor-options: --experimental

0 commit comments

Comments
 (0)