
Commit f181111

author
Max Schaefer
committed
JavaScript: Add model of http2 compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
1 parent da566a4 commit f181111

5 files changed

Lines changed: 29 additions & 6 deletions


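--- a/change-notes/1.24/analysis-javascript.md
+++ b/change-notes/1.24/analysis-javascript.md
@@ -26,6 +26,7 @@
 - [for-own](https://www.npmjs.com/package/for-own)
 - [send](https://www.npmjs.com/package/send)
 - [chrome-remote-interface](https://www.npmjs.com/package/chrome-remote-interface)
+- [http2](https://nodejs.org/api/http2.html)
 
 ## New queries
 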
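--- a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
@@ -119,8 +119,11 @@ module HTTP {
 }
 
 /**
+* DEPRECATED: Use `http` or `https` directly as appropriate.
+*
 * Gets the string `http` or `https`.
 */
+deprecated
 string httpOrHttps() { result = "http" or result = "https" }
 
 /**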

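--- a/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
@@ -42,7 +42,18 @@ module NodeJSLib {
 * Holds if `call` is an invocation of `http.createServer` or `https.createServer`.
 */
 predicate isCreateServer(CallExpr call) {
-call = DataFlow::moduleMember(HTTP::httpOrHttps(), "createServer").getAnInvocation().asExpr()
+exists(string pkg, string fn |
+pkg = "http" and fn = "createServer"
+or
+pkg = "https" and fn = "createServer"
+or
+// http2 compatibility API
+pkg = "http2" and fn = "createServer"
+or
+pkg = "http2" and fn = "createSecureServer"
+|
+call = DataFlow::moduleMember(pkg, fn).getAnInvocation().asExpr()
+)
 }
 
 /**
@@ -356,10 +367,12 @@ module NodeJSLib {
 /** An expression that is passed as `http.request({ auth: <expr> }, ...)`. */
 class Credentials extends CredentialsExpr {
 Credentials() {
-this = DataFlow::moduleMember(HTTP::httpOrHttps(), "request")
-.getACall()
-.getOptionArgument(0, "auth")
-.asExpr()
+exists(string http | http = "http" or http = "https" |
+this = DataFlow::moduleMember(http, "request")
+.getACall()
+.getOptionArgument(0, "auth")
+.asExpr()
+)
 }
 
 override string getCredentialsKind() { result = "credentials" }
@@ -881,7 +894,6 @@ module NodeJSLib {
 override string getSourceType() { result = "NodeJSClientRequest error event" }
 }
 
-
 /**
 * An NodeJS EventEmitter instance.
 * Events dispatched on this EventEmitter will be handled by event handlers registered on this EventEmitter.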
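Review bot: The doc comment on `isCreateServer` (first hunk of this file) still says the predicate holds for `http.createServer` or `https.createServer`, while the new body also matches `http2.createServer` and `http2.createSecureServer`. Judging by the updated expected output, this predicate decides which calls count as server definitions and therefore which callbacks are recognised as route handlers, so the comment should name the full set, for example `* Holds if call is an invocation of createServer from http, https or http2, or of http2.createSecureServer.` (with the identifiers in backticks, as elsewhere in the file). The inline `// http2 compatibility API` comment could also state that only the `(req, res)` compatibility-style handlers are modelled here, if that is the intent.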
Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
11
var https = require('https');
22
https.createServer(function (req, res) {});
33
https.createServer(o, function (req, res) {});
4+
require('http2').createServer((req, res) => {});
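Review bot: The added test line exercises only `http2.createServer`; the `http2.createSecureServer` branch that the same commit adds to `isCreateServer` in NodeJSLib.qll has no test case. A typo in that member name would go unnoticed, and handlers of TLS-served http2 servers would silently drop out of the server and route-handler model. Adding `require('http2').createSecureServer(o, (req, res) => {});` together with the matching rows in tests.expected would pin that branch. The file name of this section is not shown on the page; the expected output refers to it as createServer.js.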

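--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
@@ -1,6 +1,7 @@
 test_isCreateServer
 | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ... => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -51,6 +52,7 @@ test_HeaderDefinition
 test_RouteSetup_getServer
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ... => {}) | createServer.js:4:1:4:47 | require ... => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -72,6 +74,7 @@ test_HeaderDefinition_getAHeaderName
 test_ServerDefinition
 | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ... => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -103,6 +106,7 @@ test_RouteHandler_getAResponseExpr
 test_ServerDefinition_getARouteHandler
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:20:2:41 | functio ... res) {} |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:23:3:44 | functio ... res) {} |
+| createServer.js:4:1:4:47 | require ... => {}) | createServer.js:4:31:4:46 | (req, res) => {} |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:55:12:55:30 | function(req,res){} |
@@ -120,6 +124,7 @@ test_ResponseSendArgument
 test_RouteSetup_getARouteHandler
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:20:2:41 | functio ... res) {} |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:23:3:44 | functio ... res) {} |
+| createServer.js:4:1:4:47 | require ... => {}) | createServer.js:4:31:4:46 | (req, res) => {} |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:55:12:55:30 | function(req,res){} |
@@ -147,6 +152,7 @@ test_RemoteFlowSources
 test_RouteHandler
 | createServer.js:2:20:2:41 | functio ... res) {} | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:23:3:44 | functio ... res) {} | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:31:4:46 | (req, res) => {} | createServer.js:4:1:4:47 | require ... => {}) |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:55:12:55:30 | function(req,res){} | src/http.js:57:1:57:31 | http.cr ... dler()) |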
