Skip to content

Commit ee0b65a

Browse files
kyprizelkyprizel
committed
Added experimental SockJS support
1 parent 16f2957 commit ee0b65a

File tree

2 files changed

+64
-0
lines changed

2 files changed

+64
-0
lines changed

javascript/ql/src/experimental/SockJS/SockJS.qll

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
/**
2+
* Provides classes for working with [SockJS](http://sockjs.org).
3+
*/
4+
5+
import javascript
6+
import DataFlow::PathGraph
7+
8+
/**
9+
* A model of the `SockJS` websocket data handler (https://sockjs.org).
10+
*/
11+
module SockJS {
12+
class SourceFromSocketJS extends RemoteFlowSource {
13+
/**
14+
* Access to user-controlled data object received from websocket
15+
* For example:
16+
* ```
17+
* server.on('connection', function(conn) {
18+
* conn.on('data', function(message) {
19+
* ...
20+
* });
21+
* });
22+
* ```
23+
*/
24+
SourceFromSocketJS() {
25+
exists(DataFlow::CallNode createServer,
26+
DataFlow::CallNode connNode,
27+
DataFlow::CallNode dataHandlerNode |
28+
createServer = appCreation() and
29+
connNode = createServer.getAMethodCall("on") and
30+
connNode.getArgument(0).getStringValue() = "connection" and
31+
dataHandlerNode = connNode.getCallback(1).getParameter(0).getAMethodCall("on") and
32+
dataHandlerNode.getArgument(0).getStringValue() = "data" and
33+
this = dataHandlerNode.getCallback(1).getParameter(0)
34+
)
35+
}
36+
37+
override string getSourceType() { result = "input from SockJS WebSocket" }
38+
}
39+
40+
/**
41+
* Gets a new SockJS server.
42+
*/
43+
private DataFlow::CallNode appCreation() {
44+
result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer")
45+
or
46+
result = DataFlow::moduleMember("sockjs", "createServer")
47+
}
48+
}

javascript/ql/src/experimental/SockJS/examples/server.js

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
const express = require('express');
2+
const http = require('http');
3+
const sockjs = require('sockjs');
4+
5+
const app = express();
6+
const server = http.createServer(app);
7+
const sockjs_echo = sockjs.createServer({});
8+
sockjs_echo.on('connection', function(conn) {
9+
conn.on('data', function(message) {
10+
var data = JSON.parse(message);
11+
conn.write(JSON.stringify(eval(data.test)));
12+
});
13+
});
14+
15+
sockjs_echo.installHandlers(server, {prefix:'/echo'});
16+
server.listen(9090, '127.0.0.1');

0 commit comments

Comments
 (0)