add model for htmlparser2

Author: erik-krogh

javascript/ql/src/semmle/javascript/frameworks/XmlParsers.qll

@@ -247,6 +247,35 @@ module XML {
     override js::DataFlow::Node getAResult() { result.asExpr() = this }
   }
 
+  /**
+   * An invocation of `htmlparser2`.
+   */
+  private class HtmlParser2Invocation extends XML::ParserInvocation {
+    js::DataFlow::NewNode parser;
+
+    HtmlParser2Invocation() {
+      parser = js::DataFlow::moduleMember("htmlparser2", "Parser").getAnInstantiation() and
+      this = parser.getAMemberCall("write").asExpr()
+    }
+
+    override js::Expr getSourceArgument() { result = getArgument(0) }
+
+    override predicate resolvesEntities(XML::EntityKind kind) {
+      // htmlparser2 does not expand entities.
+      none()
+    }
+
+    override js::DataFlow::Node getAResult() {
+      result =
+        parser
+            .getArgument(0)
+            .getALocalSource()
+            .getAPropertySource()
+            .getAFunctionValue()
+            .getAParameter()
+    }
+  }
+
   private class XMLParserTaintStep extends js::TaintTracking::AdditionalTaintStep {
     XML::ParserInvocation parser;
 

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -149,3 +149,4 @@ typeInferenceMismatch
 | xml.js:12:17:12:24 | source() | xml.js:13:14:13:19 | result |
 | xml.js:23:18:23:25 | source() | xml.js:20:14:20:17 | attr |
 | xml.js:26:27:26:34 | source() | xml.js:26:10:26:39 | convert ... (), {}) |
+| xml.js:34:18:34:25 | source() | xml.js:31:18:31:21 | name |

javascript/ql/test/library-tests/TaintTracking/xml.js

@@ -25,4 +25,13 @@
     var convert = require('xml-js');
     sink(convert.xml2json(source(), {})); // NOT OK
 
+    const htmlparser2 = require("htmlparser2");
+    const parser = new htmlparser2.Parser({
+        onopentag(name, attributes) {
+            sink(name) // NOT OK
+        }
+    });
+    parser.write(source());
+    parser.end();
+
 })();