apply the explicit this patch to new code

erik-krogh · erik-krogh · commit f0c5a80d1a70 · 2021-11-13T21:03:54.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -164,7 +164,7 @@ private module NodeJSCrypto {
       exists(DataFlow::SourceNode mod |
         mod = DataFlow::moduleImport("crypto") and
         this = mod.getAMemberCall("create" + ["Hash", "Hmac", "Sign", "Cipher"]) and
-        algorithm.matchesName(getArgument(0).getStringValue())
+        algorithm.matchesName(this.getArgument(0).getStringValue())
       )
     }
 
@@ -190,15 +190,15 @@ private module NodeJSCrypto {
     }
 
     override CryptographicAlgorithm getAlgorithm() {
-      result.matchesName(getArgument(0).getStringValue())
+      result.matchesName(this.getArgument(0).getStringValue())
     }
 
     override int getSize() {
       symmetric = true and
-      result = getOptionArgument(1, "length").getIntValue()
+      result = this.getOptionArgument(1, "length").getIntValue()
       or
       symmetric = false and
-      result = getOptionArgument(1, "modulusLength").getIntValue()
+      result = this.getOptionArgument(1, "modulusLength").getIntValue()
     }
 
     override predicate isSymmetricKey() { symmetric = true }
@@ -212,7 +212,7 @@ private module NodeJSCrypto {
 
     override CryptographicAlgorithm getAlgorithm() { none() }
 
-    override int getSize() { result = getArgument(0).getIntValue() }
+    override int getSize() { result = this.getArgument(0).getIntValue() }
 
     override predicate isSymmetricKey() { none() }
   }
@@ -224,7 +224,7 @@ private module NodeJSCrypto {
       this = instantiation.getAMethodCall(any(string m | m = "update" or m = "write")).asExpr()
     }
 
-    override Expr getInput() { result = getArgument(0) }
+    override Expr getInput() { result = this.getArgument(0) }
 
     override CryptographicAlgorithm getAlgorithm() { result = instantiation.getAlgorithm() }
   }
@@ -365,9 +365,9 @@ private module CryptoJS {
     override CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithm) }
 
     override int getSize() {
-      result = getOptionArgument(optionArg, "keySize").getIntValue() * 32 // size is in words
+      result = this.getOptionArgument(optionArg, "keySize").getIntValue() * 32 // size is in words
       or
-      result = getArgument(optionArg).getIntValue() * 32 // size is in words
+      result = this.getArgument(optionArg).getIntValue() * 32 // size is in words
     }
 
     override predicate isSymmetricKey() { any() }
@@ -496,19 +496,19 @@ private module Forge {
           // `require('forge').cipher.createCipher("3DES-CBC").update("secret", "key");`
           (createName = "createCipher" or createName = "createDecipher") and
           this = mod.getAPropertyRead("cipher").getAMemberCall(createName) and
-          getArgument(0).asExpr().mayHaveStringValue(cipherName) and
+          this.getArgument(0).asExpr().mayHaveStringValue(cipherName) and
           cipherName = cipherPrefix + "-" + cipherSuffix and
           cipherSuffix = ["CBC", "CFB", "CTR", "ECB", "GCM", "OFB"] and
           algorithmName = cipherPrefix and
-          key = getArgument(1)
+          key = this.getArgument(1)
         )
         or
         // `require("forge").rc2.createEncryptionCipher("key").update("secret");`
         exists(string createName |
           createName = "createEncryptionCipher" or createName = "createDecryptionCipher"
         |
           this = mod.getAPropertyRead(algorithmName).getAMemberCall(createName) and
-          key = getArgument(0)
+          key = this.getArgument(0)
         )
       )
     }
@@ -583,7 +583,7 @@ private module Forge {
       result = this.getArgument(1).getIntValue()
       or
       exists(DataFlow::CallNode call | call.getCalleeName() = ["getBytes", "getBytesSync"] |
-        getArgument(1).getALocalSource() = call and
+        this.getArgument(1).getALocalSource() = call and
         result = call.getArgument(0).getIntValue() * 8 // bytes to bits
       )
     }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
@@ -233,7 +233,7 @@ private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, Dat
   IsArrayCheck() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") }
 
   override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
-    e = getArgument(0).asExpr() and
+    e = this.getArgument(0).asExpr() and
     outcome = true and
     label instanceof ObjectPrototype
   }
@@ -260,7 +260,7 @@ private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, In
   IncludesCheck() { this.getContainedNode().mayHaveStringValue("__proto__") }
 
   override predicate sanitizes(boolean outcome, Expr e) {
-    e = getContainerNode().asExpr() and
-    outcome = getPolarity().booleanNot()
+    e = this.getContainerNode().asExpr() and
+    outcome = this.getPolarity().booleanNot()
   }
 }
diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll
@@ -17,20 +17,20 @@ class Configuration extends TaintTracking::Configuration {
   private predicate hasSanitizingSubstring(DataFlow::Node nd) {
     nd.getStringValue().regexpMatch(".*[?#].*")
     or
-    hasSanitizingSubstring(StringConcatenation::getAnOperand(nd))
+    this.hasSanitizingSubstring(StringConcatenation::getAnOperand(nd))
     or
-    hasSanitizingSubstring(nd.getAPredecessor())
+    this.hasSanitizingSubstring(nd.getAPredecessor())
   }
 
   private predicate strictSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) {
     exists(DataFlow::Node operator, int n |
       StringConcatenation::taintStep(source, sink, operator, n) and
-      hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1]))
+      this.hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1]))
     )
   }
 
   override predicate isSanitizerEdge(DataFlow::Node source, DataFlow::Node sink) {
-    strictSanitizingPrefixEdge(source, sink)
+    this.strictSanitizingPrefixEdge(source, sink)
   }
 
   override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) {
@@ -126,7 +126,7 @@ class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode
 
   override predicate sanitizes(boolean outcome, Expr e) {
     outcome = true and
-    e = getArgument(0).asExpr()
+    e = this.getArgument(0).asExpr()
   }
 }
 
@@ -149,6 +149,6 @@ class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNo
 
   override predicate sanitizes(boolean outcome, Expr e) {
     outcome = true and
-    e = getArgument(0).asExpr()
+    e = this.getArgument(0).asExpr()
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -164,7 +164,7 @@ private module NodeJSCrypto {`
`164`	`164`	`exists(DataFlow::SourceNode mod \|`
`165`	`165`	`mod = DataFlow::moduleImport("crypto") and`
`166`	`166`	`this = mod.getAMemberCall("create" + ["Hash", "Hmac", "Sign", "Cipher"]) and`
`167`		`- algorithm.matchesName(getArgument(0).getStringValue())`
	`167`	`+ algorithm.matchesName(this.getArgument(0).getStringValue())`
`168`	`168`	`)`
`169`	`169`	`}`
`170`	`170`
`@@ -190,15 +190,15 @@ private module NodeJSCrypto {`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`override CryptographicAlgorithm getAlgorithm() {`
`193`		`- result.matchesName(getArgument(0).getStringValue())`
	`193`	`+ result.matchesName(this.getArgument(0).getStringValue())`
`194`	`194`	`}`
`195`	`195`
`196`	`196`	`override int getSize() {`
`197`	`197`	`symmetric = true and`
`198`		`- result = getOptionArgument(1, "length").getIntValue()`
	`198`	`+ result = this.getOptionArgument(1, "length").getIntValue()`
`199`	`199`	`or`
`200`	`200`	`symmetric = false and`
`201`		`- result = getOptionArgument(1, "modulusLength").getIntValue()`
	`201`	`+ result = this.getOptionArgument(1, "modulusLength").getIntValue()`
`202`	`202`	`}`
`203`	`203`
`204`	`204`	`override predicate isSymmetricKey() { symmetric = true }`
`@@ -212,7 +212,7 @@ private module NodeJSCrypto {`
`212`	`212`
`213`	`213`	`override CryptographicAlgorithm getAlgorithm() { none() }`
`214`	`214`
`215`		`- override int getSize() { result = getArgument(0).getIntValue() }`
	`215`	`+ override int getSize() { result = this.getArgument(0).getIntValue() }`
`216`	`216`
`217`	`217`	`override predicate isSymmetricKey() { none() }`
`218`	`218`	`}`
`@@ -224,7 +224,7 @@ private module NodeJSCrypto {`
`224`	`224`	`this = instantiation.getAMethodCall(any(string m \| m = "update" or m = "write")).asExpr()`
`225`	`225`	`}`
`226`	`226`
`227`		`- override Expr getInput() { result = getArgument(0) }`
	`227`	`+ override Expr getInput() { result = this.getArgument(0) }`
`228`	`228`
`229`	`229`	`override CryptographicAlgorithm getAlgorithm() { result = instantiation.getAlgorithm() }`
`230`	`230`	`}`
`@@ -365,9 +365,9 @@ private module CryptoJS {`
`365`	`365`	`override CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithm) }`
`366`	`366`
`367`	`367`	`override int getSize() {`
`368`		`- result = getOptionArgument(optionArg, "keySize").getIntValue() * 32 // size is in words`
	`368`	`+ result = this.getOptionArgument(optionArg, "keySize").getIntValue() * 32 // size is in words`
`369`	`369`	`or`
`370`		`- result = getArgument(optionArg).getIntValue() * 32 // size is in words`
	`370`	`+ result = this.getArgument(optionArg).getIntValue() * 32 // size is in words`
`371`	`371`	`}`
`372`	`372`
`373`	`373`	`override predicate isSymmetricKey() { any() }`
`@@ -496,19 +496,19 @@ private module Forge {`
`496`	`496`	// `require('forge').cipher.createCipher("3DES-CBC").update("secret", "key");`
`497`	`497`	`(createName = "createCipher" or createName = "createDecipher") and`
`498`	`498`	`this = mod.getAPropertyRead("cipher").getAMemberCall(createName) and`
`499`		`- getArgument(0).asExpr().mayHaveStringValue(cipherName) and`
	`499`	`+ this.getArgument(0).asExpr().mayHaveStringValue(cipherName) and`
`500`	`500`	`cipherName = cipherPrefix + "-" + cipherSuffix and`
`501`	`501`	`cipherSuffix = ["CBC", "CFB", "CTR", "ECB", "GCM", "OFB"] and`
`502`	`502`	`algorithmName = cipherPrefix and`
`503`		`- key = getArgument(1)`
	`503`	`+ key = this.getArgument(1)`
`504`	`504`	`)`
`505`	`505`	`or`
`506`	`506`	// `require("forge").rc2.createEncryptionCipher("key").update("secret");`
`507`	`507`	`exists(string createName \|`
`508`	`508`	`createName = "createEncryptionCipher" or createName = "createDecryptionCipher"`
`509`	`509`	`\|`
`510`	`510`	`this = mod.getAPropertyRead(algorithmName).getAMemberCall(createName) and`
`511`		`- key = getArgument(0)`
	`511`	`+ key = this.getArgument(0)`
`512`	`512`	`)`
`513`	`513`	`)`
`514`	`514`	`}`
`@@ -583,7 +583,7 @@ private module Forge {`
`583`	`583`	`result = this.getArgument(1).getIntValue()`
`584`	`584`	`or`
`585`	`585`	`exists(DataFlow::CallNode call \| call.getCalleeName() = ["getBytes", "getBytesSync"] \|`
`586`		`- getArgument(1).getALocalSource() = call and`
	`586`	`+ this.getArgument(1).getALocalSource() = call and`
`587`	`587`	`result = call.getArgument(0).getIntValue() * 8 // bytes to bits`
`588`	`588`	`)`
`589`	`589`	`}`
Original file line number	Diff line number	Diff line change
`@@ -233,7 +233,7 @@ private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, Dat`
`233`	`233`	`IsArrayCheck() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") }`
`234`	`234`
`235`	`235`	`override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {`
`236`		`- e = getArgument(0).asExpr() and`
	`236`	`+ e = this.getArgument(0).asExpr() and`
`237`	`237`	`outcome = true and`
`238`	`238`	`label instanceof ObjectPrototype`
`239`	`239`	`}`
`@@ -260,7 +260,7 @@ private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, In`
`260`	`260`	`IncludesCheck() { this.getContainedNode().mayHaveStringValue("__proto__") }`
`261`	`261`
`262`	`262`	`override predicate sanitizes(boolean outcome, Expr e) {`
`263`		`- e = getContainerNode().asExpr() and`
`264`		`- outcome = getPolarity().booleanNot()`
	`263`	`+ e = this.getContainerNode().asExpr() and`
	`264`	`+ outcome = this.getPolarity().booleanNot()`
`265`	`265`	`}`
`266`	`266`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,20 +17,20 @@ class Configuration extends TaintTracking::Configuration {`
`17`	`17`	`private predicate hasSanitizingSubstring(DataFlow::Node nd) {`
`18`	`18`	`nd.getStringValue().regexpMatch(".[?#].")`
`19`	`19`	`or`
`20`		`- hasSanitizingSubstring(StringConcatenation::getAnOperand(nd))`
	`20`	`+ this.hasSanitizingSubstring(StringConcatenation::getAnOperand(nd))`
`21`	`21`	`or`
`22`		`- hasSanitizingSubstring(nd.getAPredecessor())`
	`22`	`+ this.hasSanitizingSubstring(nd.getAPredecessor())`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`private predicate strictSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) {`
`26`	`26`	`exists(DataFlow::Node operator, int n \|`
`27`	`27`	`StringConcatenation::taintStep(source, sink, operator, n) and`
`28`		`- hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1]))`
	`28`	`+ this.hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1]))`
`29`	`29`	`)`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`override predicate isSanitizerEdge(DataFlow::Node source, DataFlow::Node sink) {`
`33`		`- strictSanitizingPrefixEdge(source, sink)`
	`33`	`+ this.strictSanitizingPrefixEdge(source, sink)`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) {`
`@@ -126,7 +126,7 @@ class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode`
`126`	`126`
`127`	`127`	`override predicate sanitizes(boolean outcome, Expr e) {`
`128`	`128`	`outcome = true and`
`129`		`- e = getArgument(0).asExpr()`
	`129`	`+ e = this.getArgument(0).asExpr()`
`130`	`130`	`}`
`131`	`131`	`}`
`132`	`132`
`@@ -149,6 +149,6 @@ class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNo`
`149`	`149`
`150`	`150`	`override predicate sanitizes(boolean outcome, Expr e) {`
`151`	`151`	`outcome = true and`
`152`		`- e = getArgument(0).asExpr()`
	`152`	`+ e = this.getArgument(0).asExpr()`
`153`	`153`	`}`
`154`	`154`	`}`