Skip to content

Commit f76efcb

Browse files
author
Max Schaefer
committed
JavaScript: Fix modelling of Buffer base64 encoders and decoders.
1 parent 3e8e2ca commit f76efcb

File tree

2 files changed

+17
-17
lines changed

2 files changed

+17
-17
lines changed

javascript/ql/src/semmle/javascript/Base64.qll

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -97,23 +97,11 @@ private class Atob extends Base64::Decode::Range, DataFlow::CallNode {
9797
override DataFlow::Node getOutput() { result = this }
9898
}
9999

100-
/** A call to `Buffer.from` with encoding `base64`. */
101-
private class Buffer_from extends Base64::Encode::Range, DataFlow::CallNode {
102-
Buffer_from() {
103-
this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
104-
getArgument(1).mayHaveStringValue("base64")
105-
}
106-
107-
override DataFlow::Node getInput() { result = getArgument(0) }
108-
109-
override DataFlow::Node getOutput() { result = this }
110-
}
111-
112100
/**
113101
* A call to `Buffer.prototype.toString` with encoding `base64`, approximated by
114102
* looking for calls to `toString` where the first argument is the string `"base64"`.
115103
*/
116-
private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCallNode {
104+
private class Buffer_toString extends Base64::Encode::Range, DataFlow::MethodCallNode {
117105
Buffer_toString() {
118106
getMethodName() = "toString" and
119107
getArgument(0).mayHaveStringValue("base64")
@@ -124,6 +112,18 @@ private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCal
124112
override DataFlow::Node getOutput() { result = this }
125113
}
126114

115+
/** A call to `Buffer.from` with encoding `base64`. */
116+
private class Buffer_from extends Base64::Decode::Range, DataFlow::CallNode {
117+
Buffer_from() {
118+
this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
119+
getArgument(1).mayHaveStringValue("base64")
120+
}
121+
122+
override DataFlow::Node getInput() { result = getArgument(0) }
123+
124+
override DataFlow::Node getOutput() { result = this }
125+
}
126+
127127
/**
128128
* A call to a base64 encoding function from one of the npm packages
129129
* `base-64`, `js-base64`, `Base64`, or `base64-js`.

javascript/ql/test/library-tests/frameworks/Base64/tests.expected

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
test_Encode
22
| Base64.js:4:17:4:33 | Base64.btoa(data) |
33
| base64-js.js:4:17:4:40 | base64. ... y(data) |
4-
| base64.js:2:17:2:43 | Buffer. ... ase64') |
4+
| base64.js:3:10:3:35 | encoded ... ase64') |
55
| base-64.js:4:17:4:35 | base64.encode(data) |
66
| dom.js:2:17:2:26 | btoa(data) |
77
| js-base64.js:4:17:4:35 | base64.encode(data) |
@@ -11,7 +11,7 @@ test_Encode
1111
test_Encode_input_output
1212
| Base64.js:4:17:4:33 | Base64.btoa(data) | Base64.js:4:29:4:32 | data | Base64.js:4:17:4:33 | Base64.btoa(data) |
1313
| base64-js.js:4:17:4:40 | base64. ... y(data) | base64-js.js:4:36:4:39 | data | base64-js.js:4:17:4:40 | base64. ... y(data) |
14-
| base64.js:2:17:2:43 | Buffer. ... ase64') | base64.js:2:29:2:32 | data | base64.js:2:17:2:43 | Buffer. ... ase64') |
14+
| base64.js:3:10:3:35 | encoded ... ase64') | base64.js:3:10:3:16 | encoded | base64.js:3:10:3:35 | encoded ... ase64') |
1515
| base-64.js:4:17:4:35 | base64.encode(data) | base-64.js:4:31:4:34 | data | base-64.js:4:17:4:35 | base64.encode(data) |
1616
| dom.js:2:17:2:26 | btoa(data) | dom.js:2:22:2:25 | data | dom.js:2:17:2:26 | btoa(data) |
1717
| js-base64.js:4:17:4:35 | base64.encode(data) | js-base64.js:4:31:4:34 | data | js-base64.js:4:17:4:35 | base64.encode(data) |
@@ -21,7 +21,7 @@ test_Encode_input_output
2121
test_Decode
2222
| Base64.js:5:10:5:29 | Base64.atob(encoded) |
2323
| base64-js.js:5:10:5:38 | base64. ... ncoded) |
24-
| base64.js:3:10:3:35 | encoded ... ase64') |
24+
| base64.js:2:17:2:43 | Buffer. ... ase64') |
2525
| base-64.js:5:10:5:31 | base64. ... ncoded) |
2626
| dom.js:3:10:3:22 | atob(encoded) |
2727
| js-base64.js:5:10:5:31 | base64. ... ncoded) |
@@ -31,7 +31,7 @@ test_Decode
3131
test_Decode_input_output
3232
| Base64.js:5:10:5:29 | Base64.atob(encoded) | Base64.js:5:22:5:28 | encoded | Base64.js:5:10:5:29 | Base64.atob(encoded) |
3333
| base64-js.js:5:10:5:38 | base64. ... ncoded) | base64-js.js:5:31:5:37 | encoded | base64-js.js:5:10:5:38 | base64. ... ncoded) |
34-
| base64.js:3:10:3:35 | encoded ... ase64') | base64.js:3:10:3:16 | encoded | base64.js:3:10:3:35 | encoded ... ase64') |
34+
| base64.js:2:17:2:43 | Buffer. ... ase64') | base64.js:2:29:2:32 | data | base64.js:2:17:2:43 | Buffer. ... ase64') |
3535
| base-64.js:5:10:5:31 | base64. ... ncoded) | base-64.js:5:24:5:30 | encoded | base-64.js:5:10:5:31 | base64. ... ncoded) |
3636
| dom.js:3:10:3:22 | atob(encoded) | dom.js:3:15:3:21 | encoded | dom.js:3:10:3:22 | atob(encoded) |
3737
| js-base64.js:5:10:5:31 | base64. ... ncoded) | js-base64.js:5:24:5:30 | encoded | js-base64.js:5:10:5:31 | base64. ... ncoded) |

0 commit comments

Comments
 (0)