Skip to content

Commit 902a436

Browse files
erik-krogherik-krogh
committed
assume that all pipe elements that return something, return outputs
1 parent 2f14a62 commit 902a436

File tree

3 files changed

+17
-2
lines changed

3 files changed

+17
-2
lines changed

javascript/ql/src/semmle/javascript/frameworks/RxJS.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,8 @@ private DataFlow::Node pipeInput(DataFlow::CallNode pipe) {
3434
* the pipe.
3535
*/
3636
private DataFlow::Node pipeOutput(DataFlow::CallNode pipe) {
37-
pipe = DataFlow::moduleMember("rxjs/operators", "map").getACall() and
37+
// we assume if there is a return, it is an output.
38+
pipe = DataFlow::moduleMember("rxjs/operators", _).getACall() and
3839
result = pipe.getCallback(0).getReturnNode()
3940
or
4041
pipe = DataFlow::moduleMember("rxjs/operators", "filter").getACall() and

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,8 @@ typeInferenceMismatch
112112
| rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x |
113113
| rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x |
114114
| rxjs.js:13:1:13:8 | source() | rxjs.js:22:14:22:17 | data |
115+
| rxjs.js:27:24:27:32 | source(x) | rxjs.js:29:23:29:23 | x |
116+
| rxjs.js:27:24:27:32 | source(x) | rxjs.js:34:14:34:17 | data |
115117
| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:14:10:14:14 | taint |
116118
| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:33:14:33:18 | taint |
117119
| sanitizer-guards.js:2:11:2:18 | source() | sanitizer-guards.js:4:8:4:8 | x |

javascript/ql/test/library-tests/TaintTracking/rxjs.js

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { map, tap, catchError } from 'rxjs/operators';
1+
import { map, tap, catchError, switchMap, filter } from 'rxjs/operators';
22

33
source()
44
.pipe(
@@ -21,3 +21,15 @@ source()
2121
.subscribe(data => {
2222
sink(data)
2323
});
24+
25+
myIdentifier()
26+
.pipe(
27+
switchMap(x => source(x)),
28+
filter(x => myFilter(x)),
29+
tap(x => sink(x)),
30+
catchError(err => {}),
31+
map(x => x + 'foo')
32+
)
33+
.subscribe(data => {
34+
sink(data)
35+
});

0 commit comments

Comments
 (0)