Skip to content

Commit 412939d

Browse files
asgerfasgerf
committed
JS: Autoformat
1 parent 5561e8f commit 412939d

File tree

2 files changed

+15
-8
lines changed

2 files changed

+15
-8
lines changed

javascript/ql/src/Security/CWE-094/CodeInjection.ql

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,5 +18,6 @@ import DataFlow::PathGraph
1818

1919
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
2020
where cfg.hasFlowPath(source, sink)
21-
select sink.getNode(), source, sink, "$@ flows to " + sink.getNode().(Sink).getMessageSuffix() + ".",
22-
source.getNode(), "User-provided value"
21+
select sink.getNode(), source, sink,
22+
"$@ flows to " + sink.getNode().(Sink).getMessageSuffix() + ".", source.getNode(),
23+
"User-provided value"

javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -145,16 +145,19 @@ module CodeInjection {
145145
}
146146

147147
/** A sink for code injection via template injection. */
148-
private abstract class TemplateSink extends Sink {
149-
override string getMessageSuffix() { result = "here and is interpreted as a template, which may contain code" }
148+
abstract private class TemplateSink extends Sink {
149+
override string getMessageSuffix() {
150+
result = "here and is interpreted as a template, which may contain code"
151+
}
150152
}
151153

152154
/**
153155
* A value interpreted as as template by the `pug` library.
154156
*/
155157
class PugTemplateSink extends TemplateSink {
156158
PugTemplateSink() {
157-
this = DataFlow::moduleImport(["pug", "jade"]).getAMemberCall(["compile", "render"]).getArgument(0)
159+
this =
160+
DataFlow::moduleImport(["pug", "jade"]).getAMemberCall(["compile", "render"]).getArgument(0)
158161
}
159162
}
160163

@@ -171,10 +174,11 @@ module CodeInjection {
171174
* A value interpreted as a template by the `ejs` library.
172175
*/
173176
class EjsTemplateSink extends TemplateSink {
174-
EjsTemplateSink() { this = DataFlow::moduleImport("ejs").getAMemberCall("render").getArgument(0) }
177+
EjsTemplateSink() {
178+
this = DataFlow::moduleImport("ejs").getAMemberCall("render").getArgument(0)
179+
}
175180
}
176181

177-
178182
/**
179183
* A value interpreted as a template by the `nunjucks` library.
180184
*/
@@ -188,6 +192,8 @@ module CodeInjection {
188192
* A value interpreted as a template by `lodash` or `underscore`.
189193
*/
190194
class LodashUnderscoreTemplateSink extends TemplateSink {
191-
LodashUnderscoreTemplateSink() { this = LodashUnderscore::member("template").getACall().getArgument(0) }
195+
LodashUnderscoreTemplateSink() {
196+
this = LodashUnderscore::member("template").getACall().getArgument(0)
197+
}
192198
}
193199
}

0 commit comments

Comments
 (0)