add support for the replicator library

erik-krogh · erik-krogh · commit d6300bced3dc · 2021-07-12T10:51:43.000+02:00
diff --git a/javascript/change-notes/2021-06-24-json.md b/javascript/change-notes/2021-06-24-json.md
@@ -5,4 +5,5 @@ lgtm,codescanning
     [json5](https://npmjs.com/package/json5),
     [prettyjson](https://npmjs.com/package/prettyjson),
     [flatted](https://npmjs.com/package/flatted),
-    [teleport-javascript](https://npmjs.com/package/teleport-javascript)
+    [teleport-javascript](https://npmjs.com/package/teleport-javascript),
+    [replicator](https://npmjs.com/package/replicator)
diff --git a/javascript/ql/src/semmle/javascript/JsonParsers.qll b/javascript/ql/src/semmle/javascript/JsonParsers.qll
@@ -27,6 +27,7 @@ private class PlainJsonParserCall extends JsonParserCall {
     exists(DataFlow::SourceNode callee | this = callee.getACall() |
       callee = DataFlow::globalVarRef("JSON").getAPropertyRead("parse") or
       callee = DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript"], "parse") or
+      callee = API::moduleImport("replicator").getInstance().getMember("decode").getAnImmediateUse() or
       callee = DataFlow::moduleImport("parse-json") or
       callee = DataFlow::moduleImport("json-parse-better-errors") or
       callee = DataFlow::moduleImport("json-safe-parse") or
diff --git a/javascript/ql/src/semmle/javascript/JsonStringifiers.qll b/javascript/ql/src/semmle/javascript/JsonStringifiers.qll
@@ -13,6 +13,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
       callee = DataFlow::globalVarRef("JSON").getAPropertyRead("stringify") or
       callee =
         DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript"], "stringify") or
+      callee = API::moduleImport("replicator").getInstance().getMember("encode").getAnImmediateUse() or
       callee =
         DataFlow::moduleImport([
             "json-stringify-safe", "json-stable-stringify", "stringify-object",
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -94,6 +94,7 @@ typeInferenceMismatch
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:24:8:24:43 | json5.s ... ource)) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:27:8:27:47 | flatted ... ource)) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:30:8:30:49 | telepor ... ource)) |
+| json-stringify.js:2:16:2:23 | source() | json-stringify.js:34:8:34:51 | replica ... ource)) |
 | json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) |
 | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x |
 | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y |
diff --git a/javascript/ql/test/library-tests/TaintTracking/json-stringify.js b/javascript/ql/test/library-tests/TaintTracking/json-stringify.js
@@ -28,4 +28,8 @@ function foo() {
 
   const teleport = require('teleport-javascript');
   sink(teleport.stringify(teleport.parse(source))); // NOT OK
+
+  const Replicator = require('replicator');
+  const replicator = new Replicator();
+  sink(replicator.encode(replicator.decode(source))); // NOT OK
 }

Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,8 @@ function foo() {`
`28`	`28`
`29`	`29`	`const teleport = require('teleport-javascript');`
`30`	`30`	`sink(teleport.stringify(teleport.parse(source))); // NOT OK`
	`31`	`+`
	`32`	`+ const Replicator = require('replicator');`
	`33`	`+ const replicator = new Replicator();`
	`34`	`+ sink(replicator.encode(replicator.decode(source))); // NOT OK`
`31`	`35`	`}`