Skip to content

Commit 9abaad6

Browse files
asgerfasgerf
committed
JS: MapSet
1 parent 530be38 commit 9abaad6

File tree

1 file changed

+12
-19
lines changed

1 file changed

+12
-19
lines changed

javascript/ql/src/semmle/javascript/Collections.qll

Lines changed: 12 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,11 @@ private import DataFlow::PseudoProperties
1515
private class PseudoProperty extends string {
1616
PseudoProperty() {
1717
this = [arrayLikeElement(), "1"] or // the "1" is required for the `ForOfStep`.
18-
this = any(CollectionDataFlow::MapSet step).getAPseudoProperty()
18+
this =
19+
[
20+
mapValue(any(DataFlow::CallNode c | c.getCalleeName() = "set").getArgument(0)),
21+
mapValueAll()
22+
]
1923
}
2024
}
2125

@@ -216,25 +220,14 @@ private module CollectionDataFlow {
216220
* Otherwise the value will be stored into a pseudo-property corresponding to values with unknown keys.
217221
* The value will additionally be stored into a pseudo-property corresponding to all values.
218222
*/
219-
class MapSet extends CollectionFlowStep, DataFlow::MethodCallNode {
220-
MapSet() { this.getMethodName() = "set" }
221-
222-
override predicate store(DataFlow::Node element, DataFlow::SourceNode obj, PseudoProperty prop) {
223-
this = obj.getAMethodCall() and
224-
element = this.getArgument(1) and
225-
prop = getAPseudoProperty()
223+
class MapSet extends PreCallGraphStep {
224+
override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) {
225+
exists(DataFlow::MethodCallNode call |
226+
call = obj.getAMethodCall("set") and
227+
element = call.getArgument(1) and
228+
prop = [mapValue(call.getArgument(0)), mapValueAll()]
229+
)
226230
}
227-
228-
/**
229-
* Gets a pseudo-property used to store an element in a map.
230-
* The pseudo-property represents both values where the key is a known string value (which is encoded in the pseudo-property),
231-
* and values where the key is unknown.
232-
*
233-
* Additionally, all elements are stored into the pseudo-property `mapValueAll()`.
234-
*
235-
* The return-type is `string` as this predicate is used to define which pseudo-properties exist.
236-
*/
237-
string getAPseudoProperty() { result = [mapValue(this.getArgument(0)), mapValueAll()] }
238231
}
239232

240233
/**

0 commit comments

Comments
 (0)