From a49296b381a65b6cfd4d486b2012c4bd3733b107 Mon Sep 17 00:00:00 2001
From: Rotem Bar <78903577+rotem-cider@users.noreply.github.com>
Date: Sat, 19 Apr 2025 10:36:02 +0000
Subject: [PATCH 1/2] Handling of axios in functions and making axios create
function recursive
---
.../javascript/frameworks/ClientRequests.qll | 32 ++++++++++++++++---
1 file changed, 27 insertions(+), 5 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
index 673bdf2de33f..1d5a3c8cbfec 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -204,11 +204,36 @@ module ClientRequest {
override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("axios") }
}
+ /** An API entry-point for the `axios` library inside a function */
+ private class AxiosInFunction extends API::EntryPoint {
+ AxiosInFunction() { this = "axios" }
+
+ override DataFlow::SourceNode getASource() {
+ // Handle direct parameter naming: function(axios){}
+ exists(Function f, Parameter p |
+ p.getName() = "axios" and
+ result = DataFlow::parameterNode(p)
+ )
+ or
+ // Handle destructured parameters: function({axios}){}
+ exists(DataFlow::ParameterNode param, DataFlow::SourceNode prop |
+ prop = param.getAPropertyRead("axios") and
+ result = prop
+ )
+ }
+ }
/** Gets a reference to the `axios` library. */
private API::Node axios() {
result = API::moduleImport("axios")
or
result = API::root().getASuccessor(API::Label::entryPoint(any(AxiosGlobalEntryPoint entry)))
+ or
+ result = API::root().getASuccessor(API::Label::entryPoint(any(AxiosInFunction entry)))
+ }
+
+ /** Recursively gets the `create` method of an axios instance. */
+ private API::Node axiosWithCreate() {
+ result = [axios(), axios().getMember("create").getReturn()]
}
/**
@@ -218,14 +243,11 @@ module ClientRequest {
string method;
AxiosUrlRequest() {
- this = axios().getACall() and
+ this = axiosWithCreate().getACall() and
method = "request"
or
- this = axios().getMember(method).getACall() and
+ this = axiosWithCreate().getMember(method).getACall() and
method = [httpMethodName(), "request", "postForm", "putForm", "patchForm", "getUri"]
- or
- this = axios().getMember("create").getReturn().getACall() and
- method = "request"
}
private int getOptionsArgIndex() {
From 94f42facb3b0b117ddc0a5def61949ce0c940045 Mon Sep 17 00:00:00 2001
From: Rotem Bar <78903577+rotem-cider@users.noreply.github.com>
Date: Sat, 19 Apr 2025 14:06:10 +0300
Subject: [PATCH 2/2] Added change notes
---
.../change-notes/2025-04-19-axios-add-create-and-function.md | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 javascript/ql/lib/change-notes/2025-04-19-axios-add-create-and-function.md
diff --git a/javascript/ql/lib/change-notes/2025-04-19-axios-add-create-and-function.md b/javascript/ql/lib/change-notes/2025-04-19-axios-add-create-and-function.md
new file mode 100644
index 000000000000..4a8d81a450b5
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2025-04-19-axios-add-create-and-function.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added support for `axios` `create` method recursively
+* Added support for `axios` parameters in functions
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy