JS: More babel.transform steps

asgerf · asgerf · commit 2770a53d3843 · 2021-03-29T13:00:23.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Babel.qll b/javascript/ql/src/semmle/javascript/frameworks/Babel.qll
@@ -194,13 +194,13 @@ module Babel {
    */
   private class TransformTaintStep extends TaintTracking::SharedTaintStep {
     override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(DataFlow::CallNode call |
+      exists(API::CallNode call |
         call =
           API::moduleImport(["@babel/standalone", "@babel/core"])
-              .getMember(["transform", "transformSync"])
+              .getMember(["transform", "transformSync", "transformAsync"])
               .getACall() and
         pred = call.getArgument(0) and
-        succ = call
+        succ = [call, call.getParameter(2).getParameter(0).getAnImmediateUse()]
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -194,13 +194,13 @@ module Babel {`
`194`	`194`	`*/`
`195`	`195`	`private class TransformTaintStep extends TaintTracking::SharedTaintStep {`
`196`	`196`	`override predicate step(DataFlow::Node pred, DataFlow::Node succ) {`
`197`		`- exists(DataFlow::CallNode call \|`
	`197`	`+ exists(API::CallNode call \|`
`198`	`198`	`call =`
`199`	`199`	`API::moduleImport(["@babel/standalone", "@babel/core"])`
`200`		`- .getMember(["transform", "transformSync"])`
	`200`	`+ .getMember(["transform", "transformSync", "transformAsync"])`
`201`	`201`	`.getACall() and`
`202`	`202`	`pred = call.getArgument(0) and`
`203`		`- succ = call`
	`203`	`+ succ = [call, call.getParameter(2).getParameter(0).getAnImmediateUse()]`
`204`	`204`	`)`
`205`	`205`	`}`
`206`	`206`	`}`