
Commit 6dcee5a

committed
JS: Type track sqlite model
1 parent 84cd02c commit 6dcee5a


4 files changed

+23
-5
lines changed


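--- a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -224,10 +224,23 @@ private module Sqlite {
 result = sqlite().getAConstructorInvocation("Database")
 }
 
-/** A call to a Sqlite query method. */
-private class QueryCall extends DatabaseAccess, DataFlow::ValueNode {
-override MethodCallExpr astNode;
+/** Gets a data flow node referring to a Sqlite database instance. */
+private DataFlow::SourceNode db(DataFlow::TypeTracker t) {
+t.start() and
+result = newDb()
+or
+exists(DataFlow::TypeTracker t2 |
+result = db(t2).track(t2, t)
+)
+}
+
+/** Gets a data flow node referring to a Sqlite database instance. */
+DataFlow::SourceNode db() {
+result = db(DataFlow::TypeTracker::end())
+}
 
+/** A call to a Sqlite query method. */
+private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
 QueryCall() {
 exists(string meth |
 meth = "all" or
@@ -237,12 +250,12 @@ private module Sqlite {
 meth = "prepare" or
 meth = "run"
 |
-this = newDb().getAMethodCall(meth)
+this = db().getAMethodCall(meth)
 )
 }
 
 override DataFlow::Node getAQueryArgument() {
-result = DataFlow::valueNode(astNode.getArgument(0))
+result = getArgument(0)
 }
 }
 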
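Review bot: The private `db(DataFlow::TypeTracker t)` and the zero-argument `db()` carry word-for-word the same QLDoc, so nothing says what `t` stands for or which of the two a caller should use. I would document the helper as `/** Gets a data flow node that a Sqlite database instance reaches, where t summarises the steps taken from newDb(). */` and keep the current sentence on `db()`. Because `QueryCall` now matches method calls on any tracked instance rather than only on the constructor result, its QLDoc could say so too, since its `getAQueryArgument()` nodes are presumably what the SQL-injection queries treat as sinks. The enclosing `private module Sqlite` and the middle of the method-name list in `QueryCall` lie outside the two hunks shown.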
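--- a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -39,3 +39,4 @@
 | spanner.js:19:16:19:34 | { sql: "SQL code" } |
 | spanner.js:19:23:19:32 | "SQL code" |
 | sqlite.js:7:8:7:45 | "UPDATE ... id = ?" |
+| sqliteImport.js:2:8:2:44 | "UPDATE ... id = ?" |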

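--- a/javascript/ql/test/library-tests/frameworks/SQL/sqlite.js
+++ b/javascript/ql/test/library-tests/frameworks/SQL/sqlite.js
@@ -5,3 +5,5 @@ var sqlite = require('sqlite3');
 
 var db = new sqlite.Database(":memory:");
 db.run("UPDATE tbl SET name = ? WHERE id = ?", "bar", 2);
+
+exports.db = db;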
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
const { db } = require('./sqlite');
2+
db.run("UPDATE foo SET bar = ? WHERE id = ?", "bar", 2);
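Review bot: Only the export/`require` step is pinned by this fixture, and only through a single `run` call, so a regression in the other steps the type tracker is expected to follow would not show up in `SqlString.expected`. I would add a case where the instance is handed to a function, for example `function update(d) { d.run("UPDATE foo SET bar = ? WHERE id = ?", "bar", 2); }` followed by `update(db);`, and a second call through another modelled method such as `prepare`. The file header for this section is missing from the page; the name `sqliteImport.js` is inferred from the new line in the expected output.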
