
Commit 9261b7f

committed
add support for the flatted library
1 parent 1792c9a commit 9261b7f


5 files changed

+8
-3
lines changed


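--- a/javascript/change-notes/2021-06-24-json.md
+++ b/javascript/change-notes/2021-06-24-json.md
@@ -3,4 +3,5 @@ lgtm,codescanning
 Affected packages are
 [json2csv](https://npmjs.com/package/json2csv),
 [json5](https://npmjs.com/package/json5),
-[prettyjson](https://npmjs.com/package/prettyjson)
+[prettyjson](https://npmjs.com/package/prettyjson),
+[flatted](https://npmjs.com/package/flatted)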

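--- a/javascript/ql/src/semmle/javascript/JsonParsers.qll
+++ b/javascript/ql/src/semmle/javascript/JsonParsers.qll
@@ -26,7 +26,7 @@ private class PlainJsonParserCall extends JsonParserCall {
 PlainJsonParserCall() {
 exists(DataFlow::SourceNode callee | this = callee.getACall() |
 callee = DataFlow::globalVarRef("JSON").getAPropertyRead("parse") or
-callee = DataFlow::moduleMember(["json3", "json5"], "parse") or
+callee = DataFlow::moduleMember(["json3", "json5", "flatted"], "parse") or
 callee = DataFlow::moduleImport("parse-json") or
 callee = DataFlow::moduleImport("json-parse-better-errors") or
 callee = DataFlow::moduleImport("json-safe-parse") or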
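Review bot: Adding `"flatted"` to the `moduleMember([...], "parse")` list here (and to the `"stringify"` list in JsonStringifiers.qll) covers only two of the package's exports; recent flatted releases also export `toJSON` and `fromJSON`, and taint passing through those helpers would presumably still be dropped. It is worth checking whether they need a taint step of their own, since they work on objects rather than strings and so may not fit `JsonParserCall`/`JsonStringifyCall` as-is. Separately, flatted's `parse` can return an object graph with cycles, which `JSON.parse` never does; a short comment on the changed line such as `// flatted: same call shape as JSON.parse, but the result may be cyclic` would record why it sits in `PlainJsonParserCall`. The class body continues outside the hunk.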

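--- a/javascript/ql/src/semmle/javascript/JsonStringifiers.qll
+++ b/javascript/ql/src/semmle/javascript/JsonStringifiers.qll
@@ -11,7 +11,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
 JsonStringifyCall() {
 exists(DataFlow::SourceNode callee | this = callee.getACall() |
 callee = DataFlow::globalVarRef("JSON").getAPropertyRead("stringify") or
-callee = DataFlow::moduleMember(["json3", "json5"], "stringify") or
+callee = DataFlow::moduleMember(["json3", "json5", "flatted"], "stringify") or
 callee =
 DataFlow::moduleImport([
 "json-stringify-safe", "json-stable-stringify", "stringify-object",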

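--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -92,6 +92,7 @@ typeInferenceMismatch
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:18:8:18:40 | require ... source) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:21:8:21:46 | new jso ... source) |
 | json-stringify.js:2:16:2:23 | source() | json-stringify.js:24:8:24:43 | json5.s ... ource)) |
+| json-stringify.js:2:16:2:23 | source() | json-stringify.js:27:8:27:47 | flatted ... ource)) |
 | json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) |
 | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x |
 | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y |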

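--- a/javascript/ql/test/library-tests/TaintTracking/json-stringify.js
+++ b/javascript/ql/test/library-tests/TaintTracking/json-stringify.js
@@ -22,4 +22,7 @@ function foo() {
 
 const json5 = require('json5');
 sink(json5.stringify(json5.parse(source))); // NOT OK
+
+const flatted = require('flatted');
+sink(flatted.stringify(flatted.parse(source))); // NOT OK
 }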
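Review bot: The new case on lines 26-27 only exercises the round trip `flatted.stringify(flatted.parse(source))`, so a missing result row would not show whether the parser model or the stringifier model regressed. Consider one sink per direction, e.g. `sink(flatted.parse(source)); // NOT OK` and `sink(flatted.stringify(source)); // NOT OK`, with matching rows in BasicTaintTracking.expected. The added case follows the existing json5 one, so this is a test-granularity point rather than a defect. `foo` starts outside the hunk.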
