Updated WebSocketReceiveNode to match bind functions.

Napalys · Napalys · commit 567a46ebfafe · 2025-04-04T09:26:45.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll
@@ -178,7 +178,15 @@ module ClientWebSocket {
       exists(DataFlow::PropWrite write |
         // write.getBase().getALocalSource() = emitter.getReturn().asSource() and
         write.getPropertyName() = "onmessage" and
-        this = write.getRhs()
+        (
+          this = write.getRhs()
+          or
+          exists(DataFlow::MethodCallNode bindCall |
+            bindCall = write.getRhs() and
+            bindCall.getMethodName() = "bind" and
+            this = bindCall.getReceiver().getAFunctionValue()
+          )
+        )
       )
     }
 
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js
@@ -67,7 +67,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './
 
 const recv_message = function (e) {
     console.log('Received message:', e.data);
-}; // $ MISSING: clientReceive
+}; // $ clientReceive
 
 (function () {
     myWebSocketInstance.onmessage = recv_message.bind(this);
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected
@@ -7,6 +7,7 @@ clientReceive
 | browser-custom.js:46:37:48:5 | functio ... )\\n    } |
 | browser-custom.js:57:34:60:5 | functio ... ;\\n    } |
 | browser-custom.js:62:50:64:5 | functio ... ;\\n    } |
+| browser-custom.js:68:22:70:1 | functio ... ata);\\n} |
 | browser.js:8:37:10:2 | functio ... ta);\\n\\t} |
 | browser.js:12:21:14:2 | functio ... ata)\\n\\t} |
 | browser.js:24:19:27:2 | functio ... e();\\n\\t} |
@@ -56,6 +57,7 @@ flowSteps
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:58:32:58:37 | e.data |
+| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser.js:25:26:25:31 | e.data |
@@ -70,6 +72,7 @@ flowSteps
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:47:46:47:55 | event.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:58:32:58:37 | e.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:63:48:63:57 | event.data |
+| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:69:38:69:43 | e.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:13:40:13:49 | event.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data |
