
Commit c03d69a

committed
JS: Add: dataflow step for find, findLast, findLastIndex callback functions
1 parent b64b837 commit c03d69a


4 files changed

+23
-3
lines changed

4 files changed

+23
-3
lines changed

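--- a/javascript/ql/lib/semmle/javascript/Arrays.qll
+++ b/javascript/ql/lib/semmle/javascript/Arrays.qll
@@ -483,4 +483,18 @@ private module ArrayLibraries {
 )
 }
 }
+
+/**
+* Defines a data flow step that tracks the flow of data through callback functions in arrays.
+*/
+private class ArrayCallBackDataFlowStep extends PreCallGraphStep {
+override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
+exists(DataFlow::MethodCallNode call |
+call.getMethodName() = ["findLast", "find", "findLastIndex"] and
+prop = arrayLikeElement() and
+obj = call.getReceiver() and
+element = call.getCallback(0).getParameter(0)
+)
+}
+}
 }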
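Review bot: The method-name list in `loadStep` omits `findIndex`, whose callback receives the array element as its first parameter just like the three names listed, so unless another step outside this hunk already models it, a tainted element reaching a `findIndex` callback would be a missed flow (a false negative) for the queries built on this library. Consider `call.getMethodName() = ["find", "findLast", "findIndex", "findLastIndex"] and`, with a matching case added to `arrays.js`. The doc comment could also state the step precisely, e.g. `* A load step from the elements of an array to the first parameter of the callback passed to find, findLast or findLastIndex.` The enclosing `ArrayLibraries` module begins outside the hunk.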

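--- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected
+++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected
@@ -26,5 +26,8 @@
 | arrays.js:53:4:53:11 | "source" | arrays.js:54:10:54:18 | ary.pop() |
 | arrays.js:99:31:99:38 | "source" | arrays.js:100:8:100:17 | arr8.pop() |
 | arrays.js:103:55:103:62 | "source" | arrays.js:105:8:105:25 | arr8_variant.pop() |
+| arrays.js:114:19:114:26 | "source" | arrays.js:115:50:115:53 | item |
 | arrays.js:114:19:114:26 | "source" | arrays.js:116:10:116:16 | element |
+| arrays.js:120:19:120:26 | "source" | arrays.js:121:46:121:49 | item |
 | arrays.js:120:19:120:26 | "source" | arrays.js:122:10:122:16 | element |
+| arrays.js:126:19:126:26 | "source" | arrays.js:127:55:127:58 | item |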

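--- a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected
+++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected
@@ -30,5 +30,8 @@
 | arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:36 | ["sourc ... => !!x) |
 | arrays.js:99:31:99:38 | "source" | arrays.js:100:8:100:17 | arr8.pop() |
 | arrays.js:103:55:103:62 | "source" | arrays.js:105:8:105:25 | arr8_variant.pop() |
+| arrays.js:114:19:114:26 | "source" | arrays.js:115:50:115:53 | item |
 | arrays.js:114:19:114:26 | "source" | arrays.js:116:10:116:16 | element |
+| arrays.js:120:19:120:26 | "source" | arrays.js:121:46:121:49 | item |
 | arrays.js:120:19:120:26 | "source" | arrays.js:122:10:122:16 | element |
+| arrays.js:126:19:126:26 | "source" | arrays.js:127:55:127:58 | item |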

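--- a/javascript/ql/test/library-tests/Arrays/arrays.js
+++ b/javascript/ql/test/library-tests/Arrays/arrays.js
@@ -112,19 +112,19 @@
 
 { // Test for findLast function
 const list = ["source"];
-const element = list.findLast((item) => sink(item)); // NOT OK -- Not caught, currently missing dataflow tracking.
+const element = list.findLast((item) => sink(item)); // NOT OK
 sink(element); // NOT OK
 }
 
 { // Test for find function
 const list = ["source"];
-const element = list.find((item) => sink(item)); // NOT OK -- Not caught, currently missing dataflow tracking.
+const element = list.find((item) => sink(item)); // NOT OK
 sink(element); // NOT OK
 }
 
 { // Test for findLastIndex function
 const list = ["source"];
-const element = list.findLastIndex((item) => sink(item)); // NOT OK -- Not caught, currently missing dataflow tracking.
+const element = list.findLastIndex((item) => sink(item)); // NOT OK
 sink(element); // OK
 }
 });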
