Skip to content

JS: refactor most library models away from AST nodes #8604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 39 commits into from
Sep 9, 2022
Merged

JS: refactor most library models away from AST nodes #8604

merged 39 commits into from
Sep 9, 2022

Conversation

erik-krogh
Copy link
Contributor

@erik-krogh erik-krogh commented Mar 30, 2022
edited
Loading

Initially I started with refactoring the HTTP models to use dataflow nodes.
That was done surprisingly quick, so I continued with more library models.

I've made deprecated aliases where a renaming made sense, and otherwise I just changed the type.

The flowsTo predicates in the HTTP models were confusing when starting to use DataFlow::Node. (I initially made mistakes because of that). So I've deprecated those flowsTo predicates.

Evaluation

An evaluation looks OK. But there are some new results and some lost results.

New results:

All appear to be TPs, and they are all from recognizing destructuring assignments as property reads, which allows us to recognize more sources.
Two of the results appeared from refactoring the HTTP models (the js/path-injection results).
And two other appeared from refactoring the SensitiveExpr class (the js/insufficient-password-hash resutls).

Lost results:

Both lost results are a consequence of a DataFlow::PropWrite having no result for getRhs() when the AST looks like:

obj.prop += value

One appears to be a TP, the other appears to be an FP.

I should do some followup work to investigate if we can have a sensible result for getRhs() in the above example. (After this PR has merged).

@github-actions github-actions bot added the JS label Mar 30, 2022
@erik-krogh erik-krogh force-pushed the httpNode branch 19 times, most recently from c980fe5 to e93beab Compare March 31, 2022 15:02
@erik-krogh erik-krogh changed the title JS: refactor HTTP models to use DataFlow nodes JS: refactor library models away from AST nodes Mar 31, 2022
@erik-krogh erik-krogh force-pushed the httpNode branch 3 times, most recently from 024c690 to ccd6525 Compare April 3, 2022 16:16
@erik-krogh erik-krogh force-pushed the httpNode branch 2 times, most recently from 6b19874 to eefcfc1 Compare April 4, 2022 11:08
@erik-krogh erik-krogh changed the title JS: refactor library models away from AST nodes JS: refactor most library models away from AST nodes Apr 4, 2022
erik-krogh and others added 23 commits September 5, 2022 16:11
@erik-krogh
update the existing expression based Express models
fc54ba8
@erik-krogh
convert the remaining Koa models to DataFlow nodes
136124f
@erik-krogh
convert some leftovers to use dataflow nodes
2f429e7
@erik-krogh
convert the DOM model to use DataFlow nodes
9bea110
@erik-krogh
convert the AngularJS model to use DataFlow nodes
aa9261f
@erik-krogh
fix express in the POI test
5ebea8c
@erik-krogh
update the cryptoLibraries to use dataflow nodes
e0e8085
@erik-krogh
refactor a use of MethodCallExpr in `ClientSideUrlRedirectCustomizati…
4d05343 
…ons.qll`
@erik-krogh
update the SQL/NoSQL models to use dataflow nodes
c5b1588
@erik-krogh
refactor the CredentialsExpr to be a dataflow node
0c4f08c
@erik-krogh
refactor the SensitiveExpr to be a dataflow node
b4968eb
@erik-krogh
rewrite some expression based predicates in TaintTracking.qll
6697dd1
@erik-krogh
refactor miscellaneous expression uses to dataflow nodes
5b61db9
@erik-krogh
add change note
833480d
@erik-krogh @asgerf
fix typo in qldoc
73a9361 
Co-authored-by: Asger F <[email protected]>
@erik-krogh @asgerf
simplify int check
74a79f8 
Co-authored-by: Asger F <[email protected]>
@erik-krogh
add domNode.innerHTML += sink as a DOM sink
e387eba
@erik-krogh
update the deprecation notice of RouteExpr such that it points to p…
26f5643 
…ublic APIs
@erik-krogh
rewrite the change-note to emphasise that the change is potentially b…
e64f96c 
…reaking
@erik-krogh
expand change-note to mention classes that have a changed basetype
b398f96
@erik-krogh
run the explicit-this patch on javascript/
90bc8a5
@erik-krogh
rename an upper-cased acronym
54eb041
@erik-krogh
fix typo in change-note
4e14177
@erik-krogh
Copy link
Contributor Author

erik-krogh commented Sep 5, 2022
edited
Loading

The JavaScript language tests are broken, but that's unrelated.
I got an internal PR that fixes it (see the backref)..
Fixed.

@erik-krogh erik-krogh marked this pull request as ready for review September 5, 2022 18:29
@erik-krogh
Copy link
Contributor Author

A new evaluation looks good.

The new results are due to recognizing object destructuring as property reads.

@erik-krogh erik-krogh mentioned this pull request Sep 6, 2022
Merged
asgerf
asgerf approved these changes Sep 9, 2022
View reviewed changes
Copy link
Contributor

@asgerf asgerf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@erik-krogh erik-krogh merged commit 9893650 into github:main Sep 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asgerf asgerf asgerf approved these changes

@henrymercer henrymercer henrymercer left review comments

Assignees
No one assigned
Labels
documentation JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@erik-krogh @annarailton @asgerf @calumgrant @henrymercer