
Commit fc3f5ad

committed
more source code examples in PackageExports.qll
1 parent 28eef26 commit fc3f5ad


1 file changed

+19
-0
lines changed


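--- a/javascript/ql/src/semmle/javascript/PackageExports.qll
+++ b/javascript/ql/src/semmle/javascript/PackageExports.qll
@@ -20,11 +20,17 @@ DataFlow::ParameterNode getALibraryInputParameter() {
 * Gets a value exported by the main module from a named `package.json` file.
 */
 private DataFlow::Node getAValueExportedByPackage() {
+// The base case, an export from a named `package.json` file.
 result =
 getAnExportFromModule(any(PackageJSON pack | exists(pack.getPackageName())).getMainModule())
 or
+// module.exports.bar.baz = result;
 result = getAValueExportedByPackage().(DataFlow::PropWrite).getRhs()
 or
+// class Foo {
+// bar() {} // <- result
+// };
+// module.exports = new Foo();
 exists(DataFlow::SourceNode callee |
 callee = getAValueExportedByPackage().(DataFlow::NewNode).getCalleeNode().getALocalSource()
 |
@@ -35,14 +41,21 @@ private DataFlow::Node getAValueExportedByPackage() {
 or
 result = getAValueExportedByPackage().getALocalSource()
 or
+// Nested property reads.
 result = getAValueExportedByPackage().(DataFlow::SourceNode).getAPropertyReference()
 or
+// module.exports.foo = require("./other-module.js");
 exists(Module mod |
 mod = getAValueExportedByPackage().getEnclosingExpr().(Import).getImportedModule()
 |
 result = getAnExportFromModule(mod)
 )
 or
+// module.exports = class Foo {
+// bar() {} // <- result
+// static baz() {} // <- result
+// constructor() {} // <- result
+// };
 exists(DataFlow::ClassNode cla | cla = getAValueExportedByPackage() |
 result = cla.getAnInstanceMethod() or
 result = cla.getAStaticMethod() or
@@ -72,6 +85,12 @@ private DataFlow::Node getAValueExportedByPackage() {
 )
 or
 // the exported value is a call to a unique callee
+// ```JavaScript
+// module.exports = foo();
+// function foo() {
+// return result;
+// }
+// ```
 exists(DataFlow::CallNode call | call = getAValueExportedByPackage() |
 result = unique( | | call.getCalleeNode().getAFunctionValue()).getAReturn()
 )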
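Review bot: The comment `// Nested property reads.` added above the `getAPropertyReference()` disjunct (second hunk) looks narrower than the code it documents: as far as I know that member yields property references in general, writes as well as reads, so the wording should be confirmed against the library. This predicate presumably decides which values count as a package's public API for `getALibraryInputParameter` (named in the first hunk header), so an understated comment could lead a maintainer to misjudge which parameters are treated as untrusted library input. I would phrase it like the other branches, e.g. `// module.exports.foo.bar // <- result (any reference to a property of an exported value)`. Two consistency points: the last example is wrapped in a Markdown code fence while the other examples are bare, and the `getALocalSource()` disjunct is the only branch in these hunks left without a comment. The predicate body starts before and continues past the visible hunks, so branches outside them were not checked.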
