Merge pull request github#3324 from erik-krogh/BoundSocketIO

semmle-qlci · web-flow · commit 1312fcccae03 · 2020-04-23T08:42:45.000+01:00
Approved by asgerf
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll b/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
@@ -190,7 +190,7 @@ module SocketIO {
       |
         on = base.getAMethodCall(EventEmitter::on()) and
         on.getArgument(0).mayHaveStringValue(connect) and
-        this = on.getCallback(1).getParameter(0)
+        this = on.getABoundCallbackParameter(1, 0)
       )
     }
 
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected
@@ -30,6 +30,7 @@ test_NamespaceNode
 | tst.js:68:1:68:35 | io.on(' ...  => {}) | socket.io namespace with path '/' |
 | tst.js:69:1:69:32 | ns.on(' ...  => {}) | socket.io namespace with path '/' |
 | tst.js:70:1:74:2 | ns.on(' ... {});\\n}) | socket.io namespace with path '/' |
+| tst.js:85:1:85:37 | io.on(' ... , "x")) | socket.io namespace with path '/' |
 test_ClientReceiveNode_getASender
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:30:1:30:28 | ns.emit ... event') |
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:31:1:31:20 | ns.send('a message') |
@@ -121,6 +122,7 @@ test_SocketNode
 | tst.js:71:3:71:35 | socket. ...  => {}) | socket.io namespace with path '/' |
 | tst.js:72:3:72:46 | socket. ...  => {}) | socket.io namespace with path '/' |
 | tst.js:73:3:73:43 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:84:16:84:21 | socket | socket.io namespace with path '/' |
 test_ClientSendNode_getEventName
 | client2.js:14:1:14:32 | sock.em ... there") | data |
 | client2.js:16:1:16:36 | sock.wr ...  => {}) | message |
@@ -171,6 +173,7 @@ test_ServerNode
 | tst.js:50:1:67:2 | io.on(' ... t');\\n}) | tst.js:1:12:1:33 | require ... .io')() |
 | tst.js:68:1:68:35 | io.on(' ...  => {}) | tst.js:1:12:1:33 | require ... .io')() |
 | tst.js:80:1:80:10 | obj.server | tst.js:1:12:1:33 | require ... .io')() |
+| tst.js:85:1:85:37 | io.on(' ... , "x")) | tst.js:1:12:1:33 | require ... .io')() |
 test_ClientSendNode_getAReceiver
 | client2.js:14:1:14:32 | sock.em ... there") | tst.js:71:3:71:35 | socket. ...  => {}) |
 | client2.js:14:1:14:32 | sock.em ... there") | tst.js:72:3:72:46 | socket. ...  => {}) |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js b/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js
@@ -80,3 +80,6 @@ var obj = {
 obj.server;                    // SocketIO::ServerNode
 obj.serveClient(false);        // not a SocketIO::ServerNode
 obj.serveClient(false).server; // not a SocketIO::ServerNode
+
+function foo(x,socket) {}
+io.on('connect', foo.bind(null, "x"));

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ module SocketIO {`
`190`	`190`	`\|`
`191`	`191`	`on = base.getAMethodCall(EventEmitter::on()) and`
`192`	`192`	`on.getArgument(0).mayHaveStringValue(connect) and`
`193`		`- this = on.getCallback(1).getParameter(0)`
	`193`	`+ this = on.getABoundCallbackParameter(1, 0)`
`194`	`194`	`)`
`195`	`195`	`}`
`196`	`196`