Skip to content

JS: Add support for async readFile #19129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Napalys merged 4 commits into from
Mar 27, 2025
Merged

JS: Add support for async readFile #19129

Napalys merged 4 commits into from
Mar 27, 2025

Conversation

@Napalys
Copy link
Contributor

@Napalys Napalys commented Mar 26, 2025
edited
Loading

This pull request aims to resolve reported issue related to require("fs").promises.readFile() showing no data node found.

@github-actions github-actions bot added the JS label Mar 26, 2025
@Napalys Napalys marked this pull request as ready for review March 27, 2025 07:18
Copilot AI review requested due to automatic review settings March 27, 2025 07:18
@Napalys Napalys requested a review from a team as a code owner March 27, 2025 07:18
Copilot AI reviewed Mar 27, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds support for asynchronous file reading via fs.promises.readFile in our JavaScript security query tests to address the reported issue with missing data nodes. Key changes include:

  • In the test file, an async IIFE is added to read the ".npmrc" file and use its content in an HTTP request.
  • A new markdown change note is added documenting support for async file reads.

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File Description
javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.js Added an async function to read file data and incorporate it in an HTTP request for security analysis.
javascript/ql/lib/change-notes/2025-03-26-async-fileRead.md Added a change note summarizing the support for async file reads.
Files not reviewed (2)
  • javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll: Language not supported
  • javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected: Language not supported

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

erik-krogh
erik-krogh reviewed Mar 27, 2025
View reviewed changes
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the motivation for this PR?
With a change like this I had maybe expected a backref to an internal issue? (So a link inside the internal issue to this PR).

My first thought was that this could be done nicer with Promises::valueProp() and a dataflow step.
But looking closer at how getADataNode() is used (directly as a source), I don't think that's an easier (or nicer) solution.

So this solution looks a bit crude to my eyes, but I think it's fine.

The change-note needs to change though.

@Napalys @erik-krogh
Update javascript/ql/lib/change-notes/2025-03-26-async-fileRead.md
d771a91 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
@Napalys Napalys merged commit fdea22f into github:main Mar 27, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@erik-krogh erik-krogh erik-krogh approved these changes

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Napalys @erik-krogh