CodeQL documentation
CodeQL resources

Incompatible dependency injection

ID: js/angular/incompatible-service
Kind: problem
Security severity: 
Severity: error
Precision: high
Tags:
   - quality
   - reliability
   - correctness
   - frameworks/angularjs
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

AngularJS has built-in support for dependency injection: components can simply list the names of the services they depend on, and AngularJS will provide appropriate instances and pass them as arguments at runtime.

Each injected service has a kind, this kind influences which components the service is compatible with.

Recommendation

Ensure that declared dependencies have the right kind for the component they are injected into.

Example

The following example shows a config-method that lists a dependency on a service named year. Later, a service of kind value is defined with the name year. This is not allowed, since config-methods can only be injected with services of kind provider or constant.

angular.module('myModule', [])
    .config(['year', function(year) {
        // ...
    }]);

angular.module('myModule')
    .value('year', 2000); // BAD: year is of kind 'value'

To solve this problem, the year service has to be of kind constant.

angular.module('myModule', [])
    .config(['year', function(year) {
        // ...
    }]);

angular.module('myModule')
    .constant('year', 2000); // GOOD: year is of kind 'constant'

References

  • © GitHub, Inc.
  • Terms
  • Privacy
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy