File tree Expand file tree Collapse file tree 1 file changed +21
-0
lines changed
javascript/ql/src/semmle/javascript/frameworks Expand file tree Collapse file tree 1 file changed +21
-0
lines changed Original file line number Diff line number Diff line change @@ -172,13 +172,34 @@ module Firebase {
172172 DataFlow:: SourceNode snapshot ( ) {
173173 result = snapshot ( _)
174174 }
175+
176+ /**
177+ * Gets a node that is passed as the callback to a `Reference.transaction` call.
178+ */
179+ DataFlow:: SourceNode transactionCallback ( DataFlow:: TypeTracker t ) {
180+ t .start ( ) and
181+ result = ref ( ) .getAMethodCall ( "transaction" ) .getArgument ( 0 ) .getALocalSource ( )
182+ or
183+ exists ( DataFlow:: TypeTracker t2 |
184+ result = transactionCallback ( t2 ) .backtrack ( t2 , t )
185+ )
186+ }
187+
188+ /**
189+ * Gets a node that is passed as the callback to a `Reference.transaction` call.
190+ */
191+ DataFlow:: SourceNode transactionCallback ( ) {
192+ result = transactionCallback ( _)
193+ }
175194
176195 class FirebaseVal extends RemoteFlowSource {
177196 FirebaseVal ( ) {
178197 exists ( string name | this = snapshot ( ) .getAMethodCall ( name ) |
179198 name = "val" or
180199 name = "exportVal"
181200 )
201+ or
202+ this = transactionCallback ( ) .( DataFlow:: FunctionNode ) .getParameter ( 0 )
182203 }
183204
184205 override string getSourceType ( ) {
You can’t perform that action at this time.
0 commit comments