Added modeling for extra chaining function from underscore.string.

Napalys · Napalys · commit 3a83c8d1fdde · 2025-03-17T18:06:26.000+01:00
diff --git a/javascript/ql/lib/ext/underscore.string.model.yml b/javascript/ql/lib/ext/underscore.string.model.yml
@@ -6,6 +6,7 @@ extensions:
       - ["'underscore.string'.Wrapper", "'underscore.string'", "ReturnValue"]
       - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,value].ReturnValue"]
       - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[insert,replaceAll,join,splice,prune,pad,lpad,rpad,repeat,surround,quote].ReturnValue"]
+      - ["'underscore.string'.Wrapper", "'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,concat].ReturnValue"]
 
   - addsTo:
       pack: codeql/javascript-all
@@ -24,4 +25,5 @@ extensions:
       - ["'underscore.string'.Wrapper", "Member[insert,replaceAll,prune,pad,lpad,rpad,repeat]", "Argument[1]", "ReturnValue", "taint"]
       - ["'underscore.string'.Wrapper", "Member[surround,quote]", "Argument[0]", "ReturnValue", "taint"]
       - ["'underscore.string'.Wrapper", "Member[splice]", "Argument[2]", "ReturnValue", "taint"]
-      - ["'underscore.string'.Wrapper", "Member[join]", "Argument[0..N-1]", "ReturnValue", "taint"]
+      - ["'underscore.string'.Wrapper", "Member[join,concat]", "Argument[0..N-1]", "ReturnValue", "taint"]
+      - ["'underscore.string'.Wrapper", "Member[toUpperCase,toLowerCase,replace,slice,substring,substr,split]", "Argument[this]", "ReturnValue", "taint"]
diff --git a/javascript/ql/test/library-tests/TripleDot/underscore.string.js b/javascript/ql/test/library-tests/TripleDot/underscore.string.js
@@ -98,6 +98,6 @@ function chaining() {
       .repeat(3, source("s11")).surround(source("s12"))
       .quote(source("s13")).value()); // $ hasTaintFlow=s2 hasTaintFlow=s3 hasTaintFlow=s4 hasTaintFlow=s5 hasTaintFlow=s6 hasTaintFlow=s7 hasTaintFlow=s8 hasTaintFlow=s9 hasTaintFlow=s10 hasTaintFlow=s11 hasTaintFlow=s12 hasTaintFlow=s13
 
-  sink(s(source("s14")).toUpperCase().toLowerCase().replace().slice(1).substring(1).substr(1).concat(source("s15")).split()); // $ MISSING: hasTaintFlow=s14 MISSING: hasTaintFlow=s15
+  sink(s(source("s14")).toUpperCase().toLowerCase().replace().slice(1).substring(1).substr(1).concat(source("s15")).split()); // $ hasTaintFlow=s14 hasTaintFlow=s15
 
 }

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,6 @@ function chaining() {`
`98`	`98`	`.repeat(3, source("s11")).surround(source("s12"))`
`99`	`99`	`.quote(source("s13")).value()); // $ hasTaintFlow=s2 hasTaintFlow=s3 hasTaintFlow=s4 hasTaintFlow=s5 hasTaintFlow=s6 hasTaintFlow=s7 hasTaintFlow=s8 hasTaintFlow=s9 hasTaintFlow=s10 hasTaintFlow=s11 hasTaintFlow=s12 hasTaintFlow=s13`
`100`	`100`
`101`		`- sink(s(source("s14")).toUpperCase().toLowerCase().replace().slice(1).substring(1).substr(1).concat(source("s15")).split()); // $ MISSING: hasTaintFlow=s14 MISSING: hasTaintFlow=s15`
	`101`	`+ sink(s(source("s14")).toUpperCase().toLowerCase().replace().slice(1).substring(1).substr(1).concat(source("s15")).split()); // $ hasTaintFlow=s14 hasTaintFlow=s15`
`102`	`102`
`103`	`103`	`}`