
Commit ff83e60

author
Max Schaefer
committed
JavaScript: Track Electron browser objects inter-procedurally.
1 parent d59c12e commit ff83e60

4 files changed

Lines changed: 31 additions & 7 deletions


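--- a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -16,7 +16,7 @@ module Electron {
 /**
 * An instantiation of `BrowserWindow` or `BrowserView`.
 */
-abstract private class NewBrowserObject extends BrowserObject {
+abstract private class NewBrowserObject extends BrowserObject, DataFlow::TrackedNode {
 DataFlow::NewNode self;
 
 NewBrowserObject() { this = self }
@@ -56,6 +56,15 @@ module Electron {
 }
 }
 
+/**
+* A data flow node whose value may originate from a browser object instantiation.
+*/
+private class BrowserObjectByFlow extends BrowserObject {
+BrowserObjectByFlow() {
+any(NewBrowserObject nbo).flowsTo(this)
+}
+}
+
 /**
 * A Node.js-style HTTP or HTTPS request made using an Electron module.
 */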
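Review bot: The doc comment on `BrowserObjectByFlow` should state what this widening means for consumers of `BrowserObject`: after this hunk the class is no longer only instantiation sites but also every variable, parameter and call result an instantiation flows to. The updated expected output on this page shows two `electron.js` rows becoming ten for the same two `new` expressions, so a query that reports once per `BrowserObject` would presumably report once per flow step. I would extend the comment along the lines of `Use this to recognise receivers of browser-object methods; it is not a one-per-object creation site.` and confirm that the web-preferences lookup is still taken only from the `new` expression, which the third file's unchanged count of two rows suggests. The definitions of `BrowserObject` and of `module Electron` start outside the hunk.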
Lines changed: 10 additions & 2 deletions
@@ -1,6 +1,14 @@
11
| electron.d.ts:2:16:2:28 | BrowserWindow |
22
| electron.d.ts:3:16:3:26 | BrowserView |
3-
| electron.js:3:1:3:39 | new Bro ... s: {}}) |
4-
| electron.js:4:1:4:37 | new Bro ... s: {}}) |
3+
| electron.js:3:5:3:48 | bw |
4+
| electron.js:3:10:3:48 | new Bro ... s: {}}) |
5+
| electron.js:4:5:4:46 | bv |
6+
| electron.js:4:10:4:46 | new Bro ... s: {}}) |
7+
| electron.js:35:14:35:14 | x |
8+
| electron.js:36:12:36:12 | x |
9+
| electron.js:39:1:39:7 | foo(bw) |
10+
| electron.js:39:5:39:6 | bw |
11+
| electron.js:40:1:40:7 | foo(bv) |
12+
| electron.js:40:5:40:6 | bv |
513
| electron.ts:3:12:3:13 | bw |
614
| electron.ts:3:40:3:41 | bv |
Lines changed: 2 additions & 2 deletions
@@ -1,2 +1,2 @@
1-
| electron.js:3:36:3:37 | {} |
2-
| electron.js:4:34:4:35 | {} |
1+
| electron.js:3:45:3:46 | {} |
2+
| electron.js:4:43:4:44 | {} |

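--- a/javascript/ql/test/library-tests/frameworks/Electron/electron.js
+++ b/javascript/ql/test/library-tests/frameworks/Electron/electron.js
@@ -1,7 +1,7 @@
 const {BrowserView, BrowserWindow, ClientRequest, net} = require('electron')
 
-new BrowserWindow({webPreferences: {}})
-new BrowserView({webPreferences: {}})
+var bw = new BrowserWindow({webPreferences: {}})
+var bv = new BrowserView({webPreferences: {}})
 
 function makeClientRequests() {
 net.request('https://example.com').end();
@@ -31,3 +31,10 @@ function makeClientRequests() {
 post.write('stuff');
 post.end('more stuff');
 }
+
+function foo(x) {
+return x;
+}
+
+foo(bw);
+foo(bv);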
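Review bot: The added calls at new lines 39–40 pass only browser objects to `foo`, so the test has no negative case for the inter-procedural tracking. Adding a call with an unrelated argument, e.g. `foo(net);` after `foo(bv);`, would record in the expected output whether that call result is also classified as a browser object. If the tracking is not call-context sensitive (not visible on this page), every result of `foo` would be treated as a browser object, and checks built on the class could flag unrelated values; pinning that down in the test makes the precision trade-off explicit.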
