JS: Workaround ascii PR check

asgerf · asgerf · commit 4337c5adafe5 · 2020-10-16T07:12:29.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll b/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
@@ -198,13 +198,20 @@ module Angular2 {
     }
   }
 
+  private string getInternalName(string name) {
+    exists(Identifier id |
+      result = id.getName() and
+      name = result.regexpCapture("\\u0275(DomAdapter|getDOM)", 1)
+    )
+  }
+
   /** Gets a reference to a `DomAdapter`, which provides acess to raw DOM elements. */
   private DataFlow::SourceNode domAdapter() {
-    // Note: these are internal properties, prefixed with the theta character "ɵ".
+    // Note: these are internal properties, prefixed with the "latin small letter barred O (U+0275)" character.
     // Despite being internal, some codebases do access them.
-    result.hasUnderlyingType("@angular/common", "ɵDomAdapter")
+    result.hasUnderlyingType("@angular/common", getInternalName("DomAdapter"))
     or
-    result = DataFlow::moduleImport("@angular/common").getAMemberCall("ɵgetDOM")
+    result = DataFlow::moduleImport("@angular/common").getAMemberCall(getInternalName("getDOM"))
   }
 
   /** A reference to the DOM location obtained through `DomAdapter.getLocation()`. */
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
@@ -15,6 +15,50 @@ nodes
 | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:33 | event.data |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | exception-xss.js:2:6:2:28 | foo |
 | exception-xss.js:2:12:2:28 | document.location |
 | exception-xss.js:2:12:2:28 | document.location |
@@ -509,6 +553,34 @@ edges
 | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment | angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') | angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path | angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') | angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url | angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | exception-xss.js:2:6:2:28 | foo | exception-xss.js:86:17:86:19 | foo |
 | exception-xss.js:2:6:2:28 | foo | exception-xss.js:86:17:86:19 | foo |
 | exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
