
Commit 9bca863

committed
Added modeling of underscore.string string to string functions.
1 parent e8b233f commit 9bca863


2 files changed

+37
-31
lines changed

Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/javascript-all
4+
extensible: summaryModel
5+
data:
6+
- ["'underscore.string'", "Member[slugify,capitalize,decapitalize,clean,cleanDiacritics,swapCase,escapeHTML,unescapeHTML,wrap,dedent,reverse,pred,succ,titleize,camelize,classify,underscored,dasherize,humanize,trim,ltrim,rtrim,truncate,sprintf,strRight,strRightBack,strLeft,strLeftBack,stripTags,unquote,map]", "Argument[0]", "ReturnValue", "taint"]
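Review bot: The single `summaryModel` row propagates taint only from `Argument[0]`, so data that reaches the result through another parameter is still lost to the analysis. By the library's documented signatures this looks relevant for `sprintf` (substitution values) and `truncate` (the optional trailing string). A second row such as `["'underscore.string'", "Member[sprintf]", "Argument[1..]", "ReturnValue", "taint"]` would cover the former. Separately, `escapeHTML` and `stripTags` are now ordinary taint steps, so XSS-style queries will report flows through them unless those calls are treated as sanitizers somewhere this commit does not show. It is worth confirming that and recording the decision in a `#` comment above the row.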
Lines changed: 31 additions & 31 deletions
@@ -1,35 +1,35 @@
11
var s = require("underscore.string");
22

33
function strToStr() {
4-
sink(s.slugify(source("s1"))); // $ MISSING: hasTaintFlow=s1
5-
sink(s.capitalize(source("s2"))); // $ MISSING: hasTaintFlow=s2
6-
sink(s.decapitalize(source("s3"))); // $ MISSING: hasTaintFlow=s3
7-
sink(s.clean(source("s4"))); // $ MISSING: hasTaintFlow=s4
8-
sink(s.cleanDiacritics(source("s5"))); // $ MISSING: hasTaintFlow=s5
9-
sink(s.swapCase(source("s6"))); // $ MISSING: hasTaintFlow=s6
10-
sink(s.escapeHTML(source("s7"))); // $ MISSING: hasTaintFlow=s7
11-
sink(s.unescapeHTML(source("s8"))); // $ MISSING: hasTaintFlow=s8
12-
sink(s.wrap(source("s9"), {})); // $ MISSING: hasTaintFlow=s9
13-
sink(s.dedent(source("s10"), " ")); // $ MISSING: hasTaintFlow=s10
14-
sink(s.reverse(source("s11"))); // $ MISSING: hasTaintFlow=s11
15-
sink(s.pred(source("s12"))); // $ MISSING: hasTaintFlow=s12
16-
sink(s.succ(source("s13"))); // $ MISSING: hasTaintFlow=s13
17-
sink(s.titleize(source("s14"))); // $ MISSING: hasTaintFlow=s14
18-
sink(s.camelize(source("s15"))); // $ MISSING: hasTaintFlow=s15
19-
sink(s.classify(source("s16"))); // $ MISSING: hasTaintFlow=s16
20-
sink(s.underscored(source("s17"))); // $ MISSING: hasTaintFlow=s17
21-
sink(s.dasherize(source("s18"))); // $ MISSING: hasTaintFlow=s18
22-
sink(s.humanize(source("s19"))); // $ MISSING: hasTaintFlow=s19
23-
sink(s.trim(source("s20"),"charsToStrim")); // $ MISSING: hasTaintFlow=s20
24-
sink(s.ltrim(source("s21"),"charsToStrim")); // $ MISSING: hasTaintFlow=s21
25-
sink(s.rtrim(source("s22"),"charsToStrim")); // $ MISSING: hasTaintFlow=s22
26-
sink(s.truncate(source("s23"), 10)); // $ MISSING: hasTaintFlow=s23
27-
sink(s.sprintf(source("s24"), 1.17)); // $ MISSING: hasTaintFlow=s24
28-
sink(s.strRight(source("s25"), "pattern")); // $ MISSING: hasTaintFlow=s25
29-
sink(s.strRightBack(source("s26"), "pattern")); // $ MISSING: hasTaintFlow=s26
30-
sink(s.strLeft(source("s27"), "pattern")); // $ MISSING: hasTaintFlow=s27
31-
sink(s.strLeftBack(source("s28"), "pattern")); // $ MISSING: hasTaintFlow=s28
32-
sink(s.stripTags(source("s29"))); // $ MISSING: hasTaintFlow=s29
33-
sink(s.unquote(source("s30"), "quote")); // $ MISSING: hasTaintFlow=s30
34-
sink(s.map(source("s31"), (x) => {return x;})); // $ MISSING: hasTaintFlow=s31
4+
sink(s.slugify(source("s1"))); // $ hasTaintFlow=s1
5+
sink(s.capitalize(source("s2"))); // $ hasTaintFlow=s2
6+
sink(s.decapitalize(source("s3"))); // $ hasTaintFlow=s3
7+
sink(s.clean(source("s4"))); // $ hasTaintFlow=s4
8+
sink(s.cleanDiacritics(source("s5"))); // $ hasTaintFlow=s5
9+
sink(s.swapCase(source("s6"))); // $ hasTaintFlow=s6
10+
sink(s.escapeHTML(source("s7"))); // $ hasTaintFlow=s7
11+
sink(s.unescapeHTML(source("s8"))); // $ hasTaintFlow=s8
12+
sink(s.wrap(source("s9"), {})); // $ hasTaintFlow=s9
13+
sink(s.dedent(source("s10"), " ")); // $ hasTaintFlow=s10
14+
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11
15+
sink(s.pred(source("s12"))); // $ hasTaintFlow=s12
16+
sink(s.succ(source("s13"))); // $ hasTaintFlow=s13
17+
sink(s.titleize(source("s14"))); // $ hasTaintFlow=s14
18+
sink(s.camelize(source("s15"))); // $ hasTaintFlow=s15
19+
sink(s.classify(source("s16"))); // $ hasTaintFlow=s16
20+
sink(s.underscored(source("s17"))); // $ hasTaintFlow=s17
21+
sink(s.dasherize(source("s18"))); // $ hasTaintFlow=s18
22+
sink(s.humanize(source("s19"))); // $ hasTaintFlow=s19
23+
sink(s.trim(source("s20"),"charsToStrim")); // $ hasTaintFlow=s20
24+
sink(s.ltrim(source("s21"),"charsToStrim")); // $ hasTaintFlow=s21
25+
sink(s.rtrim(source("s22"),"charsToStrim")); // $ hasTaintFlow=s22
26+
sink(s.truncate(source("s23"), 10)); // $ hasTaintFlow=s23
27+
sink(s.sprintf(source("s24"), 1.17)); // $ hasTaintFlow=s24
28+
sink(s.strRight(source("s25"), "pattern")); // $ hasTaintFlow=s25
29+
sink(s.strRightBack(source("s26"), "pattern")); // $ hasTaintFlow=s26
30+
sink(s.strLeft(source("s27"), "pattern")); // $ hasTaintFlow=s27
31+
sink(s.strLeftBack(source("s28"), "pattern")); // $ hasTaintFlow=s28
32+
sink(s.stripTags(source("s29"))); // $ hasTaintFlow=s29
33+
sink(s.unquote(source("s30"), "quote")); // $ hasTaintFlow=s30
34+
sink(s.map(source("s31"), (x) => {return x;})); // $ hasTaintFlow=s31
3535
}
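Review bot: Every case in `strToStr` taints only the first argument, so the test pins the positive flows but not the boundary of the model. Adding a case with no expectation comment, `sink(s.trim("x", source("s32")));`, would guard against the summary being widened by accident to arguments that only select characters. A case such as `sink(s.sprintf("%s", source("s33"))); // $ MISSING: hasTaintFlow=s33` would record the known gap for values that are interpolated into the output. A one-line comment at the top of the function saying that these are the string-to-string helpers modelled as `Argument[0]` to `ReturnValue` taint would also help the next reader.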
