
Commit af262a0

committed
add support for getInitialProps in Next.js
1 parent d63fcaf commit af262a0


3 files changed

+21
-4
lines changed


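--- a/javascript/ql/src/semmle/javascript/frameworks/Next.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Next.qll
@@ -67,12 +67,23 @@ private module NextJS {
 
 NextJSStaticPropsStep() {
 pageModule = getAPagesModule() and
-this = pageModule.getAnExportedValue("getStaticProps").getAFunctionValue()
+this = pageModule.getAnExportedValue("default").getAFunctionValue()
 }
 
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-pred = this.getAReturn().getALocalSource().getAPropertyWrite("props").getRhs() and
-succ = pageModule.getAnExportedValue("default").getAFunctionValue().getParameter(0)
+(
+pred =
+pageModule
+.getAnExportedValue("getStaticProps")
+.getAFunctionValue()
+.getAReturn()
+.getALocalSource()
+.getAPropertyWrite("props")
+.getRhs()
+or
+pred = this.getAPropertyWrite("getInitialProps").getRhs().getAFunctionValue().getAReturn()
+) and
+succ = this.getParameter(0)
 }
 }
 }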
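Review bot: The `getInitialProps` disjunct at new line 84 appears to cover only function components, because `this` is bound to `getAnExportedValue("default").getAFunctionValue()` and the successor is `this.getParameter(0)`. A class component that declares `static async getInitialProps` and reads the result through `this.props` would presumably not match, so taint along that path would be a silent false negative for any security query relying on this step. Either extend the step and add a class-component page to the test directory, or state the limit in the code with a comment such as `// only function components with an assigned getInitialProps property are modelled`. The class is also still named `NextJSStaticPropsStep` although `this` is now the page component and two mechanisms are handled. Its header and QLDoc are outside the hunk and likely need the same update.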

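--- a/javascript/ql/test/library-tests/frameworks/Next/pages/[my-fallback-id].jsx
+++ b/javascript/ql/test/library-tests/frameworks/Next/pages/[my-fallback-id].jsx
@@ -15,7 +15,12 @@ export async function getStaticProps({ params }) {
 }
 }
 
-export default function Post({ taint }) {
+export default function Post({ taint, stars }) {
 sink(taint);
+sink(stars);
 return <span />;
 }
+
+Post.getInitialProps = async (ctx) => {
+return { stars: source(2) }
+}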
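Review bot: The added `Post.getInitialProps` at new lines 24–26 accepts `ctx` but never reads it, so the fixture exercises only the return-to-props step and says nothing about whether request-derived fields of the context are recognised as remote input. In Next.js that context object carries `query` and `req`, while the `remoteFlow` expectations shown on this page list only `params` from `getStaticProps`. Returning a context field as well, for example `return { stars: source(2), q: ctx.query }`, would pin the behaviour down in `tests.expected` either way. Whether Next.qll already models that parameter as a source is not visible from this hunk.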

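--- a/javascript/ql/test/library-tests/frameworks/Next/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Next/tests.expected
@@ -2,3 +2,4 @@ remoteFlow
 | pages/[my-fallback-id].jsx:9:40:9:45 | params |
 dataFlow
 | pages/[my-fallback-id].jsx:13:20:13:27 | source() | pages/[my-fallback-id].jsx:19:10:19:14 | taint |
+| pages/[my-fallback-id].jsx:25:21:25:29 | source(2) | pages/[my-fallback-id].jsx:20:10:20:14 | stars |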
