Skip to content

Commit 8f1c5db

Browse files
author
Max Schaefer
committed
JavaScript: Change encoding of member and parameter portals for readability.
1 parent a7ea730 commit 8f1c5db

File tree

7 files changed

+2989
-2989
lines changed

7 files changed

+2989
-2989
lines changed

javascript/documentation/flow-summaries.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -198,11 +198,11 @@ Currently, we model five kinds of portals:
198198

199199
- ``(root <uri>)``, representing the ``module`` object of the main module of the npm package
200200
described by ``<uri>``, which is a URL of the form ``https://www.npmjs.com/package/<pkg>``;
201-
- ``(member <base> <name>)``, representing property ``<name>`` of an object described by
201+
- ``(member <name> <base>)``, representing property ``<name>`` of an object described by
202202
portal ``<base>``;
203203
- ``(instance <base>)``, representing an instance of a (constructor) function or class
204204
described by portal ``base``;
205-
- ``(parameter <base> <i>)``, representing the ``i`` th parameter of a function described by
205+
- ``(parameter <i> <base>)``, representing the ``i`` th parameter of a function described by
206206
portal ``base``;
207207
- ``(return <base>)``, representing the return value of a function described by portal ``base``.
208208

javascript/ql/src/semmle/javascript/dataflow/Portals.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -261,7 +261,7 @@ private class MemberPortal extends CompoundPortal, MkMemberPortal {
261261
MemberPortal::writes(base, prop, result, escapes)
262262
}
263263

264-
override string toString() { result = "(member " + base + " " + prop + ")" }
264+
override string toString() { result = "(member " + prop + " " + base + ")" }
265265
}
266266

267267
private module MemberPortal {
@@ -414,7 +414,7 @@ class ParameterPortal extends CompoundPortal, MkParameterPortal {
414414
ParameterPortal::argument(base, i, result, escapes)
415415
}
416416

417-
override string toString() { result = "(parameter " + base + " " + i + ")" }
417+
override string toString() { result = "(parameter " + i + " " + base + ")" }
418418
}
419419

420420
private module ParameterPortal {

javascript/ql/test/library-tests/Portals/PortalEntry.expected

Lines changed: 1713 additions & 1713 deletions
Large diffs are not rendered by default.

javascript/ql/test/library-tests/Portals/PortalExit.expected

Lines changed: 1034 additions & 1034 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/Summaries/ExtractFlowStepSummaries.expected

Lines changed: 162 additions & 162 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/Summaries/ExtractSinkSummaries.expected

Lines changed: 39 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,39 +1,39 @@
1-
| (member (parameter (member (root https://www.npmjs.com/package/infer-sources) regexpInj) 0) name) | data | RegExpInjection |
2-
| (member (parameter (member (root https://www.npmjs.com/package/infer-sources) regexpInj) 0) name) | taint | RegExpInjection |
3-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) codeInjection) 0) | data | CodeInjection |
4-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) codeInjection) 0) | taint | CodeInjection |
5-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) commandInjection) 0) | data | CommandInjection |
6-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) commandInjection) 0) | taint | CommandInjection |
7-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | data | CodeInjection |
8-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | data | InsufficientPasswordHash |
9-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | taint | CodeInjection |
10-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | taint | InsufficientPasswordHash |
11-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) mkdirp) 0) | taint | TaintedPath |
12-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | data | CodeInjection |
13-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | data | CommandInjection |
14-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | taint | CodeInjection |
15-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | taint | CommandInjection |
16-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) redirect) 0) | data | ServerSideUrlRedirect |
17-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) redirect) 0) | taint | ServerSideUrlRedirect |
18-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) reflected) 0) | data | ReflectedXss |
19-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) reflected) 0) | data | StoredXss |
20-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) reflected) 0) | taint | ReflectedXss |
21-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) reflected) 0) | taint | StoredXss |
22-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) regexpInj) 0) | data | RegExpInjection |
23-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) regexpInj) 0) | taint | RegExpInjection |
24-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) remotePropeInjection) 1) | data | RemotePropertyInjection |
25-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) remotePropeInjection) 1) | taint | RemotePropertyInjection |
26-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) sqlInj) 0) | data | SqlInjection |
27-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) sqlInj) 0) | taint | SqlInjection |
28-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) taintedPath) 0) | data | TaintedPath |
29-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) taintedPath) 0) | taint | TaintedPath |
30-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) unsafeDes) 0) | data | UnsafeDeserialization |
31-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) unsafeDes) 0) | taint | UnsafeDeserialization |
32-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xmlBomb) 0) | data | XmlBomb |
33-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xmlBomb) 0) | data | Xxe |
34-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xmlBomb) 0) | taint | XmlBomb |
35-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xmlBomb) 0) | taint | Xxe |
36-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xpathInj) 0) | data | XpathInjection |
37-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xpathInj) 0) | taint | XpathInjection |
38-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xxe) 0) | data | XmlBomb |
39-
| (parameter (member (root https://www.npmjs.com/package/infer-sources) xxe) 0) | taint | XmlBomb |
1+
| (member name (parameter 0 (member regexpInj (root https://www.npmjs.com/package/infer-sources)))) | data | RegExpInjection |
2+
| (member name (parameter 0 (member regexpInj (root https://www.npmjs.com/package/infer-sources)))) | taint | RegExpInjection |
3+
| (parameter 0 (member codeInjection (root https://www.npmjs.com/package/infer-sources))) | data | CodeInjection |
4+
| (parameter 0 (member codeInjection (root https://www.npmjs.com/package/infer-sources))) | taint | CodeInjection |
5+
| (parameter 0 (member commandInjection (root https://www.npmjs.com/package/infer-sources))) | data | CommandInjection |
6+
| (parameter 0 (member commandInjection (root https://www.npmjs.com/package/infer-sources))) | taint | CommandInjection |
7+
| (parameter 0 (member hashPass (root https://www.npmjs.com/package/infer-sources))) | data | CodeInjection |
8+
| (parameter 0 (member hashPass (root https://www.npmjs.com/package/infer-sources))) | data | InsufficientPasswordHash |
9+
| (parameter 0 (member hashPass (root https://www.npmjs.com/package/infer-sources))) | taint | CodeInjection |
10+
| (parameter 0 (member hashPass (root https://www.npmjs.com/package/infer-sources))) | taint | InsufficientPasswordHash |
11+
| (parameter 0 (member mkdirp (root https://www.npmjs.com/package/infer-sources))) | taint | TaintedPath |
12+
| (parameter 0 (member multiple (root https://www.npmjs.com/package/infer-sources))) | data | CodeInjection |
13+
| (parameter 0 (member multiple (root https://www.npmjs.com/package/infer-sources))) | data | CommandInjection |
14+
| (parameter 0 (member multiple (root https://www.npmjs.com/package/infer-sources))) | taint | CodeInjection |
15+
| (parameter 0 (member multiple (root https://www.npmjs.com/package/infer-sources))) | taint | CommandInjection |
16+
| (parameter 0 (member redirect (root https://www.npmjs.com/package/infer-sources))) | data | ServerSideUrlRedirect |
17+
| (parameter 0 (member redirect (root https://www.npmjs.com/package/infer-sources))) | taint | ServerSideUrlRedirect |
18+
| (parameter 0 (member reflected (root https://www.npmjs.com/package/infer-sources))) | data | ReflectedXss |
19+
| (parameter 0 (member reflected (root https://www.npmjs.com/package/infer-sources))) | data | StoredXss |
20+
| (parameter 0 (member reflected (root https://www.npmjs.com/package/infer-sources))) | taint | ReflectedXss |
21+
| (parameter 0 (member reflected (root https://www.npmjs.com/package/infer-sources))) | taint | StoredXss |
22+
| (parameter 0 (member regexpInj (root https://www.npmjs.com/package/infer-sources))) | data | RegExpInjection |
23+
| (parameter 0 (member regexpInj (root https://www.npmjs.com/package/infer-sources))) | taint | RegExpInjection |
24+
| (parameter 0 (member sqlInj (root https://www.npmjs.com/package/infer-sources))) | data | SqlInjection |
25+
| (parameter 0 (member sqlInj (root https://www.npmjs.com/package/infer-sources))) | taint | SqlInjection |
26+
| (parameter 0 (member taintedPath (root https://www.npmjs.com/package/infer-sources))) | data | TaintedPath |
27+
| (parameter 0 (member taintedPath (root https://www.npmjs.com/package/infer-sources))) | taint | TaintedPath |
28+
| (parameter 0 (member unsafeDes (root https://www.npmjs.com/package/infer-sources))) | data | UnsafeDeserialization |
29+
| (parameter 0 (member unsafeDes (root https://www.npmjs.com/package/infer-sources))) | taint | UnsafeDeserialization |
30+
| (parameter 0 (member xmlBomb (root https://www.npmjs.com/package/infer-sources))) | data | XmlBomb |
31+
| (parameter 0 (member xmlBomb (root https://www.npmjs.com/package/infer-sources))) | data | Xxe |
32+
| (parameter 0 (member xmlBomb (root https://www.npmjs.com/package/infer-sources))) | taint | XmlBomb |
33+
| (parameter 0 (member xmlBomb (root https://www.npmjs.com/package/infer-sources))) | taint | Xxe |
34+
| (parameter 0 (member xpathInj (root https://www.npmjs.com/package/infer-sources))) | data | XpathInjection |
35+
| (parameter 0 (member xpathInj (root https://www.npmjs.com/package/infer-sources))) | taint | XpathInjection |
36+
| (parameter 0 (member xxe (root https://www.npmjs.com/package/infer-sources))) | data | XmlBomb |
37+
| (parameter 0 (member xxe (root https://www.npmjs.com/package/infer-sources))) | taint | XmlBomb |
38+
| (parameter 1 (member remotePropeInjection (root https://www.npmjs.com/package/infer-sources))) | data | RemotePropertyInjection |
39+
| (parameter 1 (member remotePropeInjection (root https://www.npmjs.com/package/infer-sources))) | taint | RemotePropertyInjection |

javascript/ql/test/query-tests/Security/Summaries/ExtractSourceSummaries.expected

Lines changed: 37 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,37 @@
1-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | ClientSideUrlRedirect |
2-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | CodeInjection |
3-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | CommandInjection |
4-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | ConditionalBypass |
5-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | CorsMisconfigurationForCredentials |
6-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | DifferentKindsComparisonBypass |
7-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | DomBasedXss |
8-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | NosqlInjection |
9-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | ReflectedXss |
10-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | RegExpInjection |
11-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | RemotePropertyInjection |
12-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | RequestForgery |
13-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | ServerSideUrlRedirect |
14-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | SqlInjection |
15-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | TaintedFormatString |
16-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | TaintedPath |
17-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | UnsafeDeserialization |
18-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | XmlBomb |
19-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | XpathInjection |
20-
| (parameter (parameter (member (root https://www.npmjs.com/package/infer-sources) listen) 0) 0) | taint | Xxe |
21-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | ClientSideUrlRedirect |
22-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | CodeInjection |
23-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | CommandInjection |
24-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | ConditionalBypass |
25-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | CorsMisconfigurationForCredentials |
26-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | DomBasedXss |
27-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | NosqlInjection |
28-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | RegExpInjection |
29-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | RemotePropertyInjection |
30-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | RequestForgery |
31-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | SqlInjection |
32-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | TaintedFormatString |
33-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | TaintedPath |
34-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | UnsafeDeserialization |
35-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | XmlBomb |
36-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | XpathInjection |
37-
| (return (member (root https://www.npmjs.com/package/infer-sources) cookieSource)) | data | Xxe |
1+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | ClientSideUrlRedirect |
2+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | CodeInjection |
3+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | CommandInjection |
4+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | ConditionalBypass |
5+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | CorsMisconfigurationForCredentials |
6+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | DifferentKindsComparisonBypass |
7+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | DomBasedXss |
8+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | NosqlInjection |
9+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | ReflectedXss |
10+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | RegExpInjection |
11+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | RemotePropertyInjection |
12+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | RequestForgery |
13+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | ServerSideUrlRedirect |
14+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | SqlInjection |
15+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | TaintedFormatString |
16+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | TaintedPath |
17+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | UnsafeDeserialization |
18+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | XmlBomb |
19+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | XpathInjection |
20+
| (parameter 0 (parameter 0 (member listen (root https://www.npmjs.com/package/infer-sources)))) | taint | Xxe |
21+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | ClientSideUrlRedirect |
22+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | CodeInjection |
23+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | CommandInjection |
24+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | ConditionalBypass |
25+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | CorsMisconfigurationForCredentials |
26+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | DomBasedXss |
27+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | NosqlInjection |
28+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | RegExpInjection |
29+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | RemotePropertyInjection |
30+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | RequestForgery |
31+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | SqlInjection |
32+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | TaintedFormatString |
33+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | TaintedPath |
34+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | UnsafeDeserialization |
35+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | XmlBomb |
36+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | XpathInjection |
37+
| (return (member cookieSource (root https://www.npmjs.com/package/infer-sources))) | data | Xxe |

0 commit comments

Comments
 (0)