Skip to content

JS: model composed functions #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from Aug 31, 2018
Merged

JS: model composed functions #115

merged 1 commit into from Aug 31, 2018

Conversation

ghost
Copy link

@ghost ghost commented Aug 29, 2018

This PR adds a taint step for the arguments and return values of composed functions.

In anticipation of a potential merge with a "partial function" model, I have made the implementation private for now.

An evaluation with the security suite on big-apps.slugs flags nothing new, and it does not have a significant performance impact (internal link).

@ghost ghost added the JS label Aug 29, 2018
@ghost ghost self-requested a review as a code owner August 29, 2018 10:47
@ghost ghost added this to the 1.18 milestone Aug 29, 2018
xiemaisi
xiemaisi suggested changes Aug 29, 2018
View reviewed changes
javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll Outdated
fn = composed.getFunction(fnIndex) |
// flow out of the composed call
fnIndex = composed.getNumArgument() - 1 and
pred = fn.getFunction().getAReturnedExpr().flow() and
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pred = fn.getAReturn()

javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll Outdated
// flow through the composed functions
exists (DataFlow::FunctionNode predFn |
predFn = composed.getFunction(fnIndex - 1) |
pred = predFn.getFunction().getAReturnedExpr().flow() and
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto.

@ghost
Copy link
Author

ghost commented Aug 30, 2018

Amended

@xiemaisi
Copy link

Tests succeeded; merging.

@xiemaisi xiemaisi merged commit 69ca103 into github:master Aug 31, 2018
@xiemaisi xiemaisi mentioned this pull request Aug 31, 2018
Merged
@ghost ghost mentioned this pull request Sep 3, 2018
Merged
aibaars added a commit that referenced this pull request Oct 14, 2021
@aibaars
Merge pull request #115 from github/aibaars/dataflow
5bb32b9 
My first dataflow step
smowton added a commit to smowton/codeql that referenced this pull request Dec 6, 2021
@smowton
Merge pull request github#115 from github/smowotn/admin/array-functio…
6716c63 
…n-modifiers

Add modifiers to array built-in functions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
JS
Projects
None yet
Milestone
1.18
Development

Successfully merging this pull request may close these issues.
1 participant
@xiemaisi