File tree 1 file changed +36
-1
lines changed
javascript/ql/lib/semmle/javascript
1 file changed +36
-1
lines changed Original file line number Diff line number Diff line change @@ -7,6 +7,41 @@ private import javascript
77/**
88 * An input to a view component, such as React props.
99 */
10- abstract class ViewComponentInput extends ThreatModelSource:: Range {
10+ abstract class ViewComponentInput extends DataFlow:: Node {
11+ /** Gets a string that describes the type of this threat-model source. */
12+ abstract string getSourceType ( ) ;
13+ }
14+
15+ private class ViewComponentInputAsThreatModelSource extends ThreatModelSource:: Range instanceof ViewComponentInput
16+ {
17+ ViewComponentInputAsThreatModelSource ( ) { not isSafeType ( this .asExpr ( ) .getType ( ) ) }
18+
1119 final override string getThreatModel ( ) { result = "view-component-input" }
20+
21+ final override string getSourceType ( ) { result = ViewComponentInput .super .getSourceType ( ) }
22+ }
23+
24+ private predicate isSafeType ( Type t ) {
25+ t instanceof NumberLikeType
26+ or
27+ t instanceof BooleanLikeType
28+ or
29+ t instanceof UndefinedType
30+ or
31+ t instanceof NullType
32+ or
33+ t instanceof VoidType
34+ or
35+ hasSafeTypes ( t , t .( UnionType ) .getNumElementType ( ) )
36+ or
37+ isSafeType ( t .( IntersectionType ) .getAnElementType ( ) )
38+ }
39+
40+ /** Hold if the first `n` components of `t` are safe types. */
41+ private predicate hasSafeTypes ( UnionType t , int n ) {
42+ isSafeType ( t .getElementType ( 0 ) ) and
43+ n = 1
44+ or
45+ isSafeType ( t .getElementType ( n - 1 ) ) and
46+ hasSafeTypes ( t , n - 1 )
1247}
You can’t perform that action at this time.
0 commit comments