Skip to content

Commit f5efddc

Browse files
am0o0am0o0
committed
comments improvement
1 parent e45268c commit f5efddc

File tree

1 file changed

+15
-5
lines changed

1 file changed

+15
-5
lines changed

javascript/ql/lib/semmle/javascript/frameworks/ReadableStream.qll

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,15 @@
1+
/**
2+
* Provides helper predicates to work with any Readable Stream in dataflow queries
3+
*
4+
* main predicate in which you can use by passing a Readable Stream is `customStreamPipeAdditionalTaintStep`
5+
*/
6+
17
import javascript
28

39
/**
410
* Holds if there is a step between `fs.createReadStream` and `stream.Readable.from` first parameters to all other piped parameters
11+
*
12+
* It can be global additional step too
513
*/
614
predicate readablePipeAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
715
exists(API::Node receiver |
@@ -20,6 +28,8 @@ predicate readablePipeAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node su
2028

2129
/**
2230
* additional taint steps for piped stream from `createReadStream` method of `fs/promises.open`
31+
*
32+
* It can be global additional step too
2333
*/
2434
predicate promisesFileHandlePipeAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
2535
exists(API::Node receiver | receiver = nodeJsPromisesFileSystem().getMember("open") |
@@ -45,9 +55,7 @@ API::Node nodeJsPromisesFileSystem() {
4555
*
4656
* or `receiver.pipe(succ)` and receiver is pred
4757
*
48-
* Receiver can be any method node that support stream pipe method, it can't be a parameter node
49-
*
50-
* Pass receiver method as receiver, not a return value of the receiver method
58+
* Receiver is a Readable Stream object
5159
*/
5260
predicate customStreamPipeAdditionalTaintStep(
5361
API::Node receiver, DataFlow::Node pred, DataFlow::Node succ
@@ -83,6 +91,8 @@ predicate customStreamPipeAdditionalTaintStep(
8391
* succ
8492
* )
8593
* ```
94+
*
95+
* It can be global additional step too
8696
*/
8797
predicate streamPipelineAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
8898
// this step connect the a pipeline parameter to the next pipeline parameter
@@ -114,8 +124,8 @@ API::Node nodeJsStream() {
114124
}
115125

116126
/**
117-
* Gets a Readable Stream method(not a return value of the method)
118-
* and returns all nodes responsible for a data read access
127+
* Gets a Readable stream object,
128+
* and returns all nodes responsible for a data read of this Readable stream
119129
*/
120130
DataFlow::Node readableStreamDataNode(API::Node stream) {
121131
result = stream.asSource()

0 commit comments

Comments
 (0)