Skip to content

Commit 3a069f9

Browse files
Napalysasgerf
Napalys
and
asgerf
committed
Added underscore.string clearsContent.
Co-authored-by: Asgerf <asgerf@github.com>
1 parent 8b431dc commit 3a069f9

File tree

3 files changed

+18
-2
lines changed

3 files changed

+18
-2
lines changed

javascript/ql/lib/javascript.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -143,3 +143,4 @@ import semmle.javascript.linters.ESLint
143143
import semmle.javascript.linters.JSLint
144144
import semmle.javascript.linters.Linting
145145
import semmle.javascript.security.dataflow.RemoteFlowSources
146+
import semmle.javascript.frameworks.UnderscoreDotString

javascript/ql/lib/semmle/javascript/frameworks/UnderscoreDotString.qll

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
private import javascript
2+
private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
3+
4+
private class UnderscoreDotString extends AdditionalFlowInternal {
5+
override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) {
6+
exists(DataFlow::CallNode call |
7+
call =
8+
ModelOutput::getATypeNode(["'underscore.string'.Wrapper", "'underscore.string'"])
9+
.getAMember()
10+
.getACall() and
11+
node = call.getReceiver().getPostUpdateNode() and
12+
contents = DataFlow::ContentSet::arrayElement()
13+
)
14+
}
15+
}

javascript/ql/test/library-tests/TripleDot/underscore.string.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ function strToStr() {
1111
sink(s.unescapeHTML(source("s8"))); // $ hasTaintFlow=s8
1212
sink(s.wrap(source("s9"), {})); // $ hasTaintFlow=s9
1313
sink(s.dedent(source("s10"), " ")); // $ hasTaintFlow=s10
14-
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11 SPURIOUS: hasTaintFlow=s8
14+
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11
1515
sink(s.pred(source("s12"))); // $ hasTaintFlow=s12
1616
sink(s.succ(source("s13"))); // $ hasTaintFlow=s13
1717
sink(s.titleize(source("s14"))); // $ hasTaintFlow=s14
@@ -60,7 +60,7 @@ function multiSource() {
6060
sink(s.join(",", source("s5"), "str")); // $ hasTaintFlow=s5
6161
sink(s.join(",", "str", source("s6"))); // $ hasTaintFlow=s6
6262

63-
sink(s.splice(source("s7"), 1, 2, "str")); // $ hasTaintFlow=s7 SPURIOUS: hasTaintFlow=s8
63+
sink(s.splice(source("s7"), 1, 2, "str")); // $ hasTaintFlow=s7
6464
sink(s.splice("str", 1, 2, source("s8"))); // $ hasTaintFlow=s8
6565

6666
sink(s.prune(source("s9"), 1, "additional")); // $ hasTaintFlow=s9

0 commit comments

Comments
 (0)