JS: Autoformat

Author: asgerf

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -313,26 +313,26 @@ module TaintTracking {
   cached
   private module Cached {
     /**
-    * Holds if `pred` → `succ` should be considered a taint-propagating
-    * data flow edge, which doesn't fit into a more specific category.
-    */
+     * Holds if `pred` → `succ` should be considered a taint-propagating
+     * data flow edge, which doesn't fit into a more specific category.
+     */
     cached
     predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) {
       any(SharedTaintStep step).step(pred, succ)
     }
 
     /**
-    * Holds if `pred` → `succ` should be considered a taint-propagating
-    * data flow edge, contribued by the heuristics library.
-    */
+     * Holds if `pred` → `succ` should be considered a taint-propagating
+     * data flow edge, contribued by the heuristics library.
+     */
     cached
     predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) {
       any(SharedTaintStep step).heuristicStep(pred, succ)
     }
 
     /**
-    * Holds if `pred -> succ` is an edge contributed by an `AdditionalTaintStep` instance.
-    */
+     * Holds if `pred -> succ` is an edge contributed by an `AdditionalTaintStep` instance.
+     */
     cached
     predicate legacyAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
       any(AdditionalTaintStep step).step(pred, succ)
@@ -344,96 +344,97 @@ module TaintTracking {
     cached
     module Public {
       /**
-      * Holds if `pred` → `succ` should be considered a taint-propagating
-      * data flow edge through a URI library function.
-      */
+       * Holds if `pred` → `succ` should be considered a taint-propagating
+       * data flow edge through a URI library function.
+       */
       cached
       predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).uriStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage.
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage.
+       */
       cached
       predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).persistentStorageStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through the heap.
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through the heap.
+       */
       cached
       predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).heapStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through an array.
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through an array.
+       */
       cached
       predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).arrayStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through the
-      * properties of a view compenent, such as the `state` or `props` of a React component.
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through the
+       * properties of a view compenent, such as the `state` or `props` of a React component.
+       */
       cached
       predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).viewComponentStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through string
-      * concatenation.
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through string
+       * concatenation.
+       */
       cached
       predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).stringConcatenationStep(pred, succ)
       }
 
       /**
-      * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation
-      * (other than concatenation).
-      */
+       * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation
+       * (other than concatenation).
+       */
       cached
       predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).stringManipulationStep(pred, succ)
       }
 
       /**
-      *  Holds if `pred` → `succ` should be considered a taint-propagating
-      * data flow edge through data serialization, such as `JSON.stringify`.
-      */
+       *  Holds if `pred` → `succ` should be considered a taint-propagating
+       * data flow edge through data serialization, such as `JSON.stringify`.
+       */
       cached
       predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).serializeStep(pred, succ)
       }
 
       /**
-      * Holds if `pred` → `succ` should be considered a taint-propagating
-      * data flow edge through data deserialization, such as `JSON.parse`.
-      */
+       * Holds if `pred` → `succ` should be considered a taint-propagating
+       * data flow edge through data deserialization, such as `JSON.parse`.
+       */
       cached
       predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).deserializeStep(pred, succ)
       }
 
       /**
-      * Holds if `pred` → `succ` should be considered a taint-propagating
-      * data flow edge through a promise.
-      *
-      * These steps consider a promise object to tainted if it can resolve to
-      * a tainted value.
-      */
+       * Holds if `pred` → `succ` should be considered a taint-propagating
+       * data flow edge through a promise.
+       *
+       * These steps consider a promise object to tainted if it can resolve to
+       * a tainted value.
+       */
       cached
       predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) {
         any(SharedTaintStep step).promiseStep(pred, succ)
       }
     }
   }
+
   import Cached::Public
 
   /**

javascript/ql/src/semmle/javascript/frameworks/AsyncPackage.qll

@@ -168,12 +168,14 @@ module AsyncPackage {
    */
   private class IterationOutputTaintStep extends TaintTracking::SharedTaintStep {
     override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(DataFlow::FunctionNode iteratee, DataFlow::FunctionNode final, int i, IterationCall call |
+      exists(
+        DataFlow::FunctionNode iteratee, DataFlow::FunctionNode final, int i, IterationCall call
+      |
         iteratee = call.getIteratorCallback().getALocalSource() and
         final = call.getFinalCallback() and // Require a closure to avoid spurious call/return mismatch.
         pred = getLastParameter(iteratee).getACall().getArgument(i) and
         succ = final.getParameter(i) and
-        exists (string name | name = call.getName() |
+        exists(string name | name = call.getName() |
           name = "concat" or
           name = "map" or
           name = "reduce" or

javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll

@@ -9,7 +9,8 @@ import javascript
  *
  * A taint propagating data flow edge arising from an operation in a URI library.
  */
-deprecated abstract class UriLibraryStep extends DataFlow::ValueNode, TaintTracking::AdditionalTaintStep { }
+abstract deprecated class UriLibraryStep extends DataFlow::ValueNode,
+  TaintTracking::AdditionalTaintStep { }
 
 /**
  * Provides classes for working with [urijs](http://medialize.github.io/URI.js/) code.
@@ -298,7 +299,9 @@ private module ClosureLibraryUri {
    */
   private class ArgumentStep extends TaintTracking::SharedTaintStep {
     override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(DataFlow::InvokeNode invoke, int arg | pred = invoke.getArgument(arg) and succ = invoke |
+      exists(DataFlow::InvokeNode invoke, int arg |
+        pred = invoke.getArgument(arg) and succ = invoke
+      |
         // goog.Uri constructor
         invoke = Closure::moduleImport("goog.Uri").getAnInstantiation() and arg = 0
         or

javascript/ql/src/semmle/javascript/heuristics/AdditionalTaintSteps.qll

@@ -12,9 +12,7 @@ import javascript
  * The target of a heuristic additional flow step in a security query.
  */
 deprecated class HeuristicAdditionalTaintStep extends DataFlow::Node {
-  HeuristicAdditionalTaintStep() {
-    any(TaintTracking::SharedTaintStep step).heuristicStep(_, this)
-  }
+  HeuristicAdditionalTaintStep() { any(TaintTracking::SharedTaintStep step).heuristicStep(_, this) }
 }
 
 /**

javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll

@@ -338,7 +338,7 @@ module DomBasedXss {
   /**
    * A Vue `v-html` attribute, viewed as an XSS sink.
    */
-  class VHtmlSink extends Vue::VHtmlAttribute, DomBasedXss::Sink {}
+  class VHtmlSink extends Vue::VHtmlAttribute, DomBasedXss::Sink { }
 
   /**
    * A property read from a safe property is considered a sanitizer.