JS: address review comments

Esben Sparre Andreasen · Esben Sparre Andreasen · commit 97edfc552451 · 2019-02-25T12:17:56.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Vue.qll b/javascript/ql/src/semmle/javascript/frameworks/Vue.qll
@@ -416,7 +416,7 @@ module Vue {
   module Template {
     // Currently only supports HTML elements, but it may be possible to parse simple string templates later
     private newtype TElement =
-      MkHtmlElement(HTML::Element e) { exists(VueFile f | e.getFile() = f) }
+      MkHtmlElement(HTML::Element e) { e.getFile() instanceof VueFile }
 
     /**
      * An element of a template.
@@ -430,7 +430,7 @@ module Vue {
        * The location spans column `startcolumn` of line `startline` to
        * column `endcolumn` of line `endline` in file `filepath`.
        * For more information, see
-       * [LGTM locations](https://lgtm.com/help/ql/locations).
+       * [locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
        */
       predicate hasLocationInfo(
         string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -442,6 +442,11 @@ module Vue {
         endcolumn = 0
       }
 
+      /**
+       * Gets the name of this element.
+       *
+       * For example, the name of `<br>` is `br`.
+       */
       abstract string getName();
     }
 
@@ -461,6 +466,9 @@ module Vue {
 
       override string getName() { result = elem.getName() }
 
+      /**
+       * Gets the HTML element of this element.
+       */
       HTML::Element getElement() { result = elem }
     }
   }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -204,6 +204,10 @@ module DomBasedXss {
   class VHtmlSink extends DomBasedXss::Sink {
     HTML::Attribute attr;
     VHtmlSink() { this.(DataFlow::HtmlAttributeNode).getAttribute() = attr and attr.getName() = "v-html" }
+
+    /**
+     * Gets the HTML attribute of this sink.
+     */
     HTML::Attribute getAttr() {
       result = attr
     }
@@ -212,6 +216,10 @@ module DomBasedXss {
   /**
    * A taint propagating data flow edge through a string interpolation of a
    * Vue instance property to a `v-html` attribute.
+   *
+   * As an example, `<div v-html="prop"/>` reads the `prop` property
+   * of `inst = new Vue({ ..., data: { prop: source } })`, if the
+   * `div` element is part of the template for `inst`.
    */
   class VHtmlSourceWrite extends TaintTracking::AdditionalTaintStep {
     VHtmlSink attr;
