
Commit 7c4f9f9

authored
Merge pull request #8422 from erik-krogh/depMore
JS: Address some code that weren't affecting any query result
2 parents aada8d3 + 7d6700a commit 7c4f9f9

34 files changed

+98
-147
lines changed
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
---
2+
category: deprecated
3+
---
4+
* Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated.
5+
The documentation for each predicate points to an alternative.

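--- a/javascript/ql/lib/semmle/javascript/DefUse.qll
+++ b/javascript/ql/lib/semmle/javascript/DefUse.qll
@@ -249,8 +249,9 @@ class VarUse extends ControlFlowNode, @varref {
 /**
 * Holds if the definition of `v` in `def` reaches `use` along some control flow path
 * without crossing another definition of `v`.
+* DEPRECATED: Use the `SSA.qll` library instead.
 */
-predicate definitionReaches(Variable v, VarDef def, VarUse use) {
+deprecated predicate definitionReaches(Variable v, VarDef def, VarUse use) {
 v = use.getVariable() and
 exists(BasicBlock bb, int i, int next | next = nextDefAfter(bb, v, i, def) |
 exists(int j | j in [i + 1 .. next - 1] | bb.useAt(j, v, use))
@@ -265,24 +266,28 @@ predicate definitionReaches(Variable v, VarDef def, VarUse use) {
 /**
 * Holds if the definition of local variable `v` in `def` reaches `use` along some control flow path
 * without crossing another definition of `v`.
+* DEPRECATED: Use the `SSA.qll` library instead.
 */
-predicate localDefinitionReaches(LocalVariable v, VarDef def, VarUse use) {
+deprecated predicate localDefinitionReaches(LocalVariable v, VarDef def, VarUse use) {
 exists(SsaExplicitDefinition ssa |
 ssa.defines(def, v) and
 ssa = getAPseudoDefinitionInput*(use.getSsaVariable().getDefinition())
 )
 }
 
-/** Holds if `nd` is a pseudo-definition and the result is one of its inputs. */
-private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) {
+/**
+* Holds if `nd` is a pseudo-definition and the result is one of its inputs.
+* DEPRECATED: Use the `SSA.qll` library instead.
+*/
+deprecated private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) {
 result = nd.(SsaPseudoDefinition).getAnInput()
 }
 
 /**
 * Holds if `d` is a definition of `v` at index `i` in `bb`, and the result is the next index
 * in `bb` after `i` at which the same variable is defined, or `bb.length()` if there is none.
 */
-private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
+deprecated private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
 bb.defAt(i, v, d) and
 result =
 min(int jj |
@@ -296,8 +301,9 @@ private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) {
 *
 * This is the case if there is a path from `earlier` to `later` that does not cross
 * another definition of `v`.
+* DEPRECATED: Use the `SSA.qll` library instead.
 */
-predicate localDefinitionOverwrites(LocalVariable v, VarDef earlier, VarDef later) {
+deprecated predicate localDefinitionOverwrites(LocalVariable v, VarDef earlier, VarDef later) {
 exists(BasicBlock bb, int i, int next | next = nextDefAfter(bb, v, i, earlier) |
 bb.defAt(next, v, later)
 or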
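Review bot: `nextDefAfter` becomes `deprecated private` in the second hunk, but its QLDoc gets no DEPRECATED line, while `getAPseudoDefinitionInput` just above it does; add the same `* DEPRECATED: ...` line there so the two private helpers are documented alike. The added DEPRECATED lines also name only the `SSA.qll` library rather than a concrete replacement; the test query updated in this commit swaps `definitionReaches(_, def, use)` for `def.getAUse() = use` on an `SsaVariable`, so the doc on `definitionReaches` could name `SsaVariable.getAUse()` directly. The bodies of `definitionReaches`, `nextDefAfter` and `localDefinitionOverwrites` continue outside the hunks.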

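--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -1718,5 +1718,5 @@ module DataFlow {
 import TypeTracking
 import internal.FunctionWrapperSteps
 
-predicate localTaintStep = TaintTracking::localTaintStep/2;
+deprecated predicate localTaintStep = TaintTracking::localTaintStep/2;
 }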
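Review bot: The deprecated alias `localTaintStep` carries no QLDoc, so a user who hits the deprecation warning is not pointed to a replacement, although the change note in this commit says the documentation for each predicate does that. Add a one-line comment above the alias that repeats the advice given on `TaintTracking::localTaintStep`, for example `/** DEPRECATED: Use TaintTracking::sharedTaintStep and DataFlow::Node::getALocalSource() instead. */`. The enclosing `module DataFlow` starts outside the hunk.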

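--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -429,9 +429,10 @@ module TaintTracking {
 
 /**
 * Holds if `pred -> succ` is a taint propagating data flow edge through a string operation.
+* DEPRECATED: Use `stringConcatenationStep` and `stringManipulationStep` instead.
 */
 pragma[inline]
-predicate stringStep(DataFlow::Node pred, DataFlow::Node succ) {
+deprecated predicate stringStep(DataFlow::Node pred, DataFlow::Node succ) {
 stringConcatenationStep(pred, succ) or
 stringManipulationStep(pred, succ)
 }
@@ -1242,8 +1243,9 @@ module TaintTracking {
 
 /**
 * Holds if taint propagates from `pred` to `succ` in one local (intra-procedural) step.
+* DEPRECATED: Use `TaintTracking::sharedTaintStep` and `DataFlow::Node::getALocalSource()` instead.
 */
-predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+deprecated predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
 DataFlow::localFlowStep(pred, succ) or
 sharedTaintStep(pred, succ)
 }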
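Review bot: The DEPRECATED line added to `localTaintStep` in the second hunk recommends `DataFlow::Node::getALocalSource()`, but the body is the one-step relation `DataFlow::localFlowStep(pred, succ) or sharedTaintStep(pred, succ)`, so the advice does not obviously give callers the same single-step edge. Whether `getALocalSource()` spans more than one local step is not visible on this page and should be confirmed. If it does, the doc could also name the step predicate the body already uses, e.g. `* DEPRECATED: Use TaintTracking::sharedTaintStep together with DataFlow::localFlowStep or DataFlow::Node::getALocalSource() instead.`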

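--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -32,15 +32,22 @@ predicate isLocation(Expr e) {
 }
 
 /**
+* DEPRECATED: Use DOM::documentRef() instead.
 * Gets a reference to the 'document' object.
 */
-DataFlow::SourceNode document() { result = DOM::documentRef() }
+deprecated DataFlow::SourceNode document() { result = DOM::documentRef() }
 
-/** Holds if `e` could refer to the `document` object. */
-predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) }
+/**
+* DEPRECATED: Use DOM::documentRef() instead.
+* Holds if `e` could refer to the `document` object.
+*/
+deprecated predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) }
 
-/** Holds if `e` could refer to the document URL. */
-predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
+/**
+* DEPRECATED: Use DOM::locationSource() instead.
+* Holds if `e` could refer to the document URL.
+*/
+deprecated predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
 
 /** DEPRECATED: Alias for isDocumentUrl */
 deprecated predicate isDocumentURL = isDocumentUrl/1;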
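Review bot: The unchanged alias `isDocumentURL` is still documented as `DEPRECATED: Alias for isDocumentUrl`, which after this change sends readers to a predicate that is itself deprecated. Point it at the final replacement instead, `/** DEPRECATED: Use DOM::locationSource() instead. */`. As a style point, the DEPRECATED lines added in this file come first and leave the names unquoted, whereas the other files in this commit put the line after the description and wrap the names in backticks; matching that layout here would keep the docs uniform.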

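--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll
@@ -26,6 +26,11 @@ class Configuration extends TaintTracking::Configuration {
 guard instanceof TaintedObject::SanitizerGuard
 }
 
+override predicate isSanitizer(DataFlow::Node node) {
+super.isSanitizer(node) or
+node instanceof Sanitizer
+}
+
 override predicate isAdditionalFlowStep(
 DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
 ) {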
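Review bot: The added `isSanitizer` override changes what this query reports: every node that is an instance of the query's `Sanitizer` class now blocks taint, where before (judging by the commit title) the class was declared but never consulted by the configuration. The same applies to the `isBarrier` overrides added in HardcodedCredentialsQuery.qll and InsecureDownloadQuery.qll and to `isSanitizer` in the experimental ResourceExhaustion.qll. A `Sanitizer` subclass written while it had no effect was never exercised, so an overly broad one would now silently suppress real alerts, yet the visible change note lists only deprecations and no test with a sanitized flow appears in this commit. I would add a change-note entry such as `* The Sanitizer extension points of these queries are now applied by their configurations.` and one sanitized-flow test per query. The `Configuration` class starts and ends outside the hunk.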

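--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll
@@ -19,6 +19,11 @@ class Configuration extends DataFlow::Configuration {
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
+override predicate isBarrier(DataFlow::Node node) {
+super.isBarrier(node) or
+node instanceof Sanitizer
+}
+
 override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
 exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput())
 or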

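--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
@@ -31,4 +31,9 @@ class Configuration extends DataFlow::Configuration {
 override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
 sink.(Sink).getALabel() = label
 }
+
+override predicate isBarrier(DataFlow::Node node) {
+super.isBarrier(node) or
+node instanceof Sanitizer
+}
 }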

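--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
@@ -34,6 +34,8 @@ module UnvalidatedDynamicMethodCall {
 
 /**
 * A sanitizer for unvalidated dynamic method calls.
+* Override the `sanitizes` predicate to specify an edge that should be sanitized.
+* The `this` value is not seen as a sanitizer.
 */
 abstract class Sanitizer extends DataFlow::Node {
 abstract predicate sanitizes(DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl);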

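--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll
@@ -38,7 +38,11 @@ class Configuration extends TaintTracking::Configuration {
 sink.(Sink).getFlowLabel() = label
 }
 
-override predicate isSanitizer(DataFlow::Node nd) { super.isSanitizer(nd) }
+override predicate isSanitizerEdge(
+DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel lbl
+) {
+any(Sanitizer s).sanitizes(pred, succ, lbl)
+}
 
 override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
 guard instanceof NumberGuard or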
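Review bot: The new `isSanitizerEdge` override does not include the base result, unlike the `isSanitizer` and `isBarrier` overrides added elsewhere in this commit, which all begin with a `super` call; if the base predicate holds for any edge, that result is dropped here. For consistency I would write the body as `super.isSanitizerEdge(pred, succ, lbl) or any(Sanitizer s).sanitizes(pred, succ, lbl)`. What `TaintTracking::Configuration` defines for this predicate is not visible on this page, so this may be a no-op today. The `Configuration` class starts and ends outside the hunk.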

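--- a/javascript/ql/src/Declarations/Definitions.qll
+++ b/javascript/ql/src/Declarations/Definitions.qll
@@ -1,7 +1,10 @@
 import javascript
 
-/** An identifier appearing in a defining position. */
-class DefiningIdentifier extends Identifier {
+/**
+* DEPRECATED: Use `SsaDefinition` from `SSA.qll` instead.
+* An identifier appearing in a defining position.
+*/
+deprecated class DefiningIdentifier extends Identifier {
 DefiningIdentifier() {
 this instanceof VarDecl or
 exists(Assignment assgn | this = assgn.getLhs()) or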

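--- a/javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
+++ b/javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
@@ -23,6 +23,11 @@ module ResourceExhaustion {
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
+override predicate isSanitizer(DataFlow::Node node) {
+super.isSanitizer(node) or
+node instanceof Sanitizer
+}
+
 override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) {
 isNumericFlowStep(src, dst)
 or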

javascript/ql/test/library-tests/Classes/AccessorMethods.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassDefinition_getName.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassDefinition_getSuperClass.qll

Lines changed: 0 additions & 5 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassDefinitions.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassFlow.qll

Lines changed: 0 additions & 17 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassNodeConstructor.qll

Lines changed: 0 additions & 5 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassNodeInstanceMethod.qll

Lines changed: 0 additions & 7 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ClassNodeStaticMethod.qll

Lines changed: 0 additions & 7 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ComputedMethods.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/ConstructorDefinitions.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/FieldInits.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/Fields.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/MethodDefinitions.qll

Lines changed: 0 additions & 7 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/MethodNames.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/NewTargetExpr.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/PrivateField.qll

Lines changed: 0 additions & 6 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/StaticMethods.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/SuperExpr.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/SyntheticConstructors.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.

javascript/ql/test/library-tests/Classes/getAMember.qll

Lines changed: 0 additions & 3 deletions
This file was deleted.
Lines changed: 30 additions & 35 deletions
@@ -1,35 +1,30 @@
1-
| classes.js:1:1:2:1 | class Foo {\\n} | classes.js:4:1:4:3 | Foo |
2-
| classes.js:7:5:8:5 | class L ... {\\n } | classes.js:10:5:10:12 | LocalFoo |
3-
| es2015.js:1:10:1:11 | fn | es2015.js:2:3:2:4 | fn |
4-
| es2015.js:5:16:5:16 | i | es2015.js:5:32:5:32 | i |
5-
| es2015.js:5:16:5:16 | i | es2015.js:5:34:5:34 | i |
6-
| es2015modules.js:1:10:1:12 | foo | es2015modules.js:4:3:4:5 | foo |
7-
| es2015modules.js:1:15:1:24 | bar as baz | es2015modules.js:6:3:6:5 | baz |
8-
| es2015modules.js:10:10:10:13 | quux | es2015modules.js:7:3:7:6 | quux |
9-
| es2015modules.js:15:17:15:17 | f | es2015modules.js:12:1:12:1 | f |
10-
| es2015modules.js:16:25:16:25 | g | es2015modules.js:13:1:13:1 | g |
11-
| fundecls.js:3:12:3:12 | f | fundecls.js:4:3:4:3 | f |
12-
| fundecls.js:9:10:9:10 | s | fundecls.js:7:1:7:1 | s |
13-
| fundecls.js:12:12:12:12 | f | fundecls.js:10:3:10:3 | f |
14-
| fundecls.js:18:12:18:12 | f | fundecls.js:17:3:17:3 | f |
15-
| fundecls.js:23:12:23:12 | f | fundecls.js:24:3:24:3 | f |
16-
| fundecls.js:34:12:34:12 | f | fundecls.js:35:3:35:3 | f |
17-
| fundecls.js:39:11:39:11 | x | fundecls.js:40:7:40:7 | x |
18-
| fundecls.js:41:14:41:14 | f | fundecls.js:45:3:45:3 | f |
19-
| fundecls.js:43:14:43:14 | f | fundecls.js:45:3:45:3 | f |
20-
| fundecls.js:48:11:48:11 | x | fundecls.js:50:7:50:7 | x |
21-
| tst.js:1:12:1:12 | o | tst.js:3:12:3:12 | o |
22-
| tst.js:1:12:1:12 | o | tst.js:5:16:5:16 | o |
23-
| tst.js:2:9:2:14 | y = 23 | tst.js:8:17:8:17 | y |
24-
| tst.js:2:17:2:21 | i = 0 | tst.js:4:5:4:5 | i |
25-
| tst.js:2:17:2:21 | i = 0 | tst.js:7:6:7:6 | i |
26-
| tst.js:4:3:4:5 | ++i | tst.js:4:5:4:5 | i |
27-
| tst.js:4:3:4:5 | ++i | tst.js:7:6:7:6 | i |
28-
| tst.js:5:11:5:11 | z | tst.js:6:7:6:7 | z |
29-
| tst.js:5:11:5:11 | z | tst.js:8:14:8:14 | z |
30-
| tst.js:7:4:7:6 | --i | tst.js:7:6:7:6 | i |
31-
| tst.js:12:2:12:7 | x = 42 | tst.js:14:9:14:9 | x |
32-
| tst.js:19:11:19:11 | x | tst.js:18:9:18:9 | x |
33-
| tst.js:23:6:23:23 | {a = b, c = d} = e | tst.js:24:2:24:2 | a |
34-
| tst.js:23:6:23:23 | {a = b, c = d} = e | tst.js:24:6:24:6 | c |
35-
| tst.js:26:11:26:11 | a | tst.js:27:2:27:2 | a |
1+
| classes.js:7:5:8:5 | def@7:5 | classes.js:10:5:10:12 | LocalFoo |
2+
| es2015.js:1:10:1:11 | def@1:10 | es2015.js:2:3:2:4 | fn |
3+
| es2015.js:5:16:5:16 | def@5:16 | es2015.js:5:32:5:32 | i |
4+
| es2015.js:5:16:5:16 | def@5:16 | es2015.js:5:34:5:34 | i |
5+
| es2015modules.js:1:10:1:12 | def@1:10 | es2015modules.js:4:3:4:5 | foo |
6+
| es2015modules.js:1:15:1:24 | def@1:15 | es2015modules.js:6:3:6:5 | baz |
7+
| es2015modules.js:10:10:10:13 | def@10:10 | es2015modules.js:7:3:7:6 | quux |
8+
| es2015modules.js:15:17:15:17 | def@15:17 | es2015modules.js:12:1:12:1 | f |
9+
| es2015modules.js:16:25:16:25 | def@16:25 | es2015modules.js:13:1:13:1 | g |
10+
| fundecls.js:3:12:3:12 | def@3:12 | fundecls.js:4:3:4:3 | f |
11+
| fundecls.js:12:12:12:12 | def@12:12 | fundecls.js:10:3:10:3 | f |
12+
| fundecls.js:18:12:18:12 | def@18:12 | fundecls.js:17:3:17:3 | f |
13+
| fundecls.js:23:12:23:12 | def@23:12 | fundecls.js:24:3:24:3 | f |
14+
| fundecls.js:27:2:27:2 | implicitInit@27:2 | fundecls.js:28:3:28:3 | f |
15+
| fundecls.js:34:12:34:12 | def@34:12 | fundecls.js:35:3:35:3 | f |
16+
| fundecls.js:39:11:39:11 | def@39:11 | fundecls.js:40:7:40:7 | x |
17+
| fundecls.js:45:3:45:3 | phi@45:3 | fundecls.js:45:3:45:3 | f |
18+
| fundecls.js:48:11:48:11 | def@48:11 | fundecls.js:50:7:50:7 | x |
19+
| tst.js:1:12:1:12 | def@1:12 | tst.js:3:12:3:12 | o |
20+
| tst.js:1:12:1:12 | def@1:12 | tst.js:5:16:5:16 | o |
21+
| tst.js:2:9:2:14 | def@2:9 | tst.js:8:17:8:17 | y |
22+
| tst.js:3:2:3:2 | phi@3:2 | tst.js:4:5:4:5 | i |
23+
| tst.js:5:2:5:2 | phi@5:2 | tst.js:7:6:7:6 | i |
24+
| tst.js:5:2:5:2 | phi@5:2 | tst.js:8:14:8:14 | z |
25+
| tst.js:5:11:5:11 | def@5:11 | tst.js:6:7:6:7 | z |
26+
| tst.js:12:2:12:7 | def@12:2 | tst.js:14:9:14:9 | x |
27+
| tst.js:19:11:19:11 | def@19:11 | tst.js:18:9:18:9 | x |
28+
| tst.js:23:6:23:23 | def@23:6 | tst.js:24:2:24:2 | a |
29+
| tst.js:23:6:23:23 | def@23:6 | tst.js:24:6:24:6 | c |
30+
| tst.js:26:11:26:11 | def@26:11 | tst.js:27:2:27:2 | a |
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
11
import javascript
22

3-
from VarDef def, VarUse use
4-
where definitionReaches(_, def, use)
3+
from SsaVariable def, VarUse use
4+
where def.getAUse() = use
55
select def, use
