Merged
Changes from 1 commit
24 commits
e8b233f
Added test cases `underscore.string` string to string.
Napalys Mar 17, 2025
9bca863
Added modeling of `underscore.string` string to string functions.
Napalys Mar 17, 2025
c256b9c
Added `underscore.string` test cases for str to array.
Napalys Mar 17, 2025
30623cd
Added modeling of `underscore.string` for str to array.
Napalys Mar 17, 2025
cd40b6f
Added test cases `underscore.string` array to string.
Napalys Mar 17, 2025
6b105b2
Added modeling `underscore.string` array to string functions.
Napalys Mar 17, 2025
77e1e17
Added test cases `underscore.string` with multiple sources.
Napalys Mar 17, 2025
b59b9c8
Added modeling `underscore.string` of function which contain multiple…
Napalys Mar 17, 2025
25c6fb5
Added chaining tests for `underscore.string` package.
Napalys Mar 17, 2025
ca9ae8a
Added chaining modeling for `underscore.string` package.
Napalys Mar 17, 2025
cccd863
Added test for extra chaining function for `underscore.string`.
Napalys Mar 17, 2025
3a83c8d
Added modeling for extra chaining function from `underscore.string`.
Napalys Mar 17, 2025
dcc1e88
Added test cases for aliases.
Napalys Mar 17, 2025
fc6b779
Added modeling for aliases.
Napalys Mar 17, 2025
eb18c3c
Added test case for `tap`.
Napalys Mar 17, 2025
d8e6d76
Added modeling for `tap` function.
Napalys Mar 17, 2025
2c7562d
Removed `value` from modeling its return value as Wrapper class, sinc…
Napalys Mar 17, 2025
8b431dc
Added change note.
Napalys Mar 17, 2025
922a07d
Added `underscore.string` `clearsContent`.
Napalys Mar 18, 2025
752f02f
Fixed `map` modeling and added test cases.
Napalys Mar 20, 2025
f4ca2dc
Restricted taint to array elements.
Napalys Mar 20, 2025
221cc19
Merge branch 'main' into js/underscore-string
Napalys Mar 20, 2025
ca53e97
Adressed comments.
Napalys Mar 20, 2025
9e78755
Fixed typo in the test cases.
Napalys Mar 20, 2025
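--- a/javascript/ql/lib/javascript.qll
+++ b/javascript/ql/lib/javascript.qll
@@ -143,3 +143,4 @@ import semmle.javascript.linters.ESLint
 import semmle.javascript.linters.JSLint
 import semmle.javascript.linters.Linting
 import semmle.javascript.security.dataflow.RemoteFlowSources
+import semmle.javascript.frameworks.UnderscoreDotString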
@@ -0,0 +1,25 @@
/**
* Provides classes for modeling data flow behavior of the Underscore.string library (https://www.npmjs.com/package/underscore.string).
*/

private import javascript
private import semmle.javascript.dataflow.internal.AdditionalFlowInternal

/**
* Models data flow for the Underscore.string library.
*/
private class UnderscoreDotString extends AdditionalFlowInternal {
/**
* Holds if a call to an Underscore.string method clears array element content of the receiver.
*/
override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) {
exists(DataFlow::CallNode call |
call =
ModelOutput::getATypeNode(["'underscore.string'.Wrapper", "'underscore.string'"])
.getAMember()
.getACall() and
node = call.getReceiver().getPostUpdateNode() and
contents = DataFlow::ContentSet::arrayElement()
)
}
}
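Review bot: The doc comment on `clearsContent` states what is cleared but not why, and the predicate matches the receiver of every member call (`getAMember().getACall()`) rather than only the names that collide with built-in array methods. Judging by the `SPURIOUS` annotations dropped from the `reverse` and `splice` tests, the purpose appears to be discarding element content that generic array-method models store on the library object; I would say so in the comment, e.g. `* The receiver is the library object or a Wrapper, not an array, so array element content stored on it by generic array models is spurious and is cleared.` A clear that is too wide surfaces as missed taint flows in security queries, not as extra alerts, so a test in which a genuine array still reaches a sink around these calls would pin the boundary.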
Expand Up @@ -11,7 +11,7 @@ function strToStr() {
sink(s.unescapeHTML(source("s8"))); // $ hasTaintFlow=s8
sink(s.wrap(source("s9"), {})); // $ hasTaintFlow=s9
sink(s.dedent(source("s10"), " ")); // $ hasTaintFlow=s10
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11 SPURIOUS: hasTaintFlow=s8
sink(s.reverse(source("s11"))); // $ hasTaintFlow=s11
sink(s.pred(source("s12"))); // $ hasTaintFlow=s12
sink(s.succ(source("s13"))); // $ hasTaintFlow=s13
sink(s.titleize(source("s14"))); // $ hasTaintFlow=s14
Expand Down Expand Up @@ -60,7 +60,7 @@ function multiSource() {
sink(s.join(",", source("s5"), "str")); // $ hasTaintFlow=s5
sink(s.join(",", "str", source("s6"))); // $ hasTaintFlow=s6

sink(s.splice(source("s7"), 1, 2, "str")); // $ hasTaintFlow=s7 SPURIOUS: hasTaintFlow=s8
sink(s.splice(source("s7"), 1, 2, "str")); // $ hasTaintFlow=s7
sink(s.splice("str", 1, 2, source("s8"))); // $ hasTaintFlow=s8

sink(s.prune(source("s9"), 1, "additional")); // $ hasTaintFlow=s9