Skip to content

Commit bef7e61

Browse files
erik-krogherik-krogh
committed
add support for the fast-json-stringify library
1 parent 40aa970 commit bef7e61

File tree

4 files changed

+7
-2
lines changed

4 files changed

+7
-2
lines changed

javascript/change-notes/2021-06-24-json.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,5 @@ lgtm,codescanning
1010
[safe-stable-stringify](https://npmjs.com/package/safe-stable-stringify),
1111
[fclone](https://npmjs.com/package/fclone),
1212
[json-cycle](https://npmjs.com/package/json-cycle),
13-
[strip-json-comments](https://npmjs.com/package/strip-json-comments)
13+
[strip-json-comments](https://npmjs.com/package/strip-json-comments),
14+
[fast-json-stringify](https://npmjs.com/package/fast-json-stringify)

javascript/ql/src/semmle/javascript/JsonStringifiers.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
1919
DataFlow::moduleImport([
2020
"json-stringify-safe", "json-stable-stringify", "stringify-object",
2121
"fast-json-stable-stringify", "fast-safe-stringify", "javascript-stringify",
22-
"js-stringify", "safe-stable-stringify"
22+
"js-stringify", "safe-stable-stringify", "fast-json-stringify"
2323
]) or
2424
// require("util").inspect() and similar
2525
callee = DataFlow::moduleMember("util", "inspect") or

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,7 @@ typeInferenceMismatch
9898
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:36:8:36:47 | require ... source) |
9999
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:39:8:39:37 | jc.stri ... ource)) |
100100
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:42:8:42:51 | JSON.st ... urce))) |
101+
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:45:8:45:23 | fastJson(source) |
101102
| json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) |
102103
| nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x |
103104
| nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y |

javascript/ql/test/library-tests/TaintTracking/json-stringify.js

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,4 +40,7 @@ function foo() {
4040

4141
const stripper = require("strip-json-comments");
4242
sink(JSON.stringify(JSON.parse(stripper(source)))); // NOT OK
43+
44+
const fastJson = require('fast-json-stringify');
45+
sink(fastJson(source)); // NOT OK
4346
}

0 commit comments

Comments
 (0)