
Commit 4547d9f

committed
JS: Generate legacy flow steps for all flow summaries
1 parent b426d84 commit 4547d9f


1 file changed

+25
-7
lines changed

1 file changed

+25
-7
lines changed

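--- a/javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
@@ -21,6 +21,8 @@ private import internal.ApiGraphModels as Shared
 private import internal.ApiGraphModelsSpecific as Specific
 private import semmle.javascript.dataflow.internal.FlowSummaryPrivate
 private import semmle.javascript.endpoints.EndpointNaming as EndpointNaming
+private import semmle.javascript.dataflow.AdditionalFlowSteps
+private import semmle.javascript.dataflow.AdditionalTaintSteps
 import Shared::ModelInput as ModelInput
 import Shared::ModelOutput as ModelOutput
 
@@ -118,22 +120,26 @@ private API::Node getNodeFromInputOutputPath(API::InvokeNode baseNode, AccessPat
 result = getNodeFromInputOutputPath(baseNode, path, path.getNumToken())
 }
 
-private predicate summaryStep(API::Node pred, API::Node succ, string kind) {
+private predicate summaryStep(API::Node pred, API::Node succ, string kind, boolean shouldInduceSteps) {
 exists(string type, string path, API::InvokeNode base, AccessPath input, AccessPath output |
-shouldInduceStepsFromSummary(type, path) and
 ModelOutput::relevantSummaryModel(type, path, input, output, kind, _) and
 ModelOutput::resolvedSummaryBase(type, path, base) and
 pred = getNodeFromInputOutputPath(base, input) and
-succ = getNodeFromInputOutputPath(base, output)
+succ = getNodeFromInputOutputPath(base, output) and
+if shouldInduceStepsFromSummary(type, path)
+then shouldInduceSteps = true
+else shouldInduceSteps = false
 )
 }
 
 /**
 * Like `ModelOutput::summaryStep` but with API nodes mapped to data-flow nodes.
 */
-private predicate summaryStepNodes(DataFlow::Node pred, DataFlow::Node succ, string kind) {
+private predicate summaryStepNodes(
+DataFlow::Node pred, DataFlow::Node succ, string kind, boolean shouldInduceSteps
+) {
 exists(API::Node predNode, API::Node succNode |
-summaryStep(predNode, succNode, kind) and
+summaryStep(predNode, succNode, kind, shouldInduceSteps) and
 pred = predNode.asSink() and
 succ = succNode.asSource()
 )
@@ -142,14 +148,26 @@ private predicate summaryStepNodes(DataFlow::Node pred, DataFlow::Node succ, str
 /** Data flow steps induced by summary models of kind `value`. */
 private class DataFlowStepFromSummary extends DataFlow::SharedFlowStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-summaryStepNodes(pred, succ, "value")
+summaryStepNodes(pred, succ, "value", true)
+}
+}
+
+private class LegacyDataFlowStepFromSummary extends LegacyFlowStep {
+override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+summaryStepNodes(pred, succ, "value", false)
 }
 }
 
 /** Taint steps induced by summary models of kind `taint`. */
 private class TaintStepFromSummary extends TaintTracking::SharedTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-summaryStepNodes(pred, succ, "taint")
+summaryStepNodes(pred, succ, "taint", true)
+}
+}
+
+private class LegacyTaintStepFromSummary extends LegacyTaintStep {
+override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+summaryStepNodes(pred, succ, "taint", false)
 }
 }
 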
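Review bot: The new classes `LegacyDataFlowStepFromSummary` and `LegacyTaintStepFromSummary` carry no QLDoc, unlike their two siblings, and nothing explains why they pass `false` while the shared-step classes pass `true`. A mix-up of that flag would silently drop or duplicate taint steps, which shows up as missed or noisy results in security queries, so the intent should be written down. I would add `/** Legacy data flow steps for summary models of kind value that do not induce shared steps. */` on the first class, the matching comment for taint on the second, and one sentence to the `summaryStepNodes` QLDoc saying that `shouldInduceSteps` records whether `shouldInduceStepsFromSummary(type, path)` holds. Presumably the `true` rows still reach legacy consumers through the shared step classes; if so, stating that would back up the "all flow summaries" wording in the title. The commit changes only this file, so a test over a model for which `shouldInduceStepsFromSummary` fails would pin the new behaviour.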
