From 26f3b40d3591ec07806bdf1438df6e95030bd2c3 Mon Sep 17 00:00:00 2001
From: Vasco-jofra <11303847+Vasco-jofra@users.noreply.github.com>
Date: Sat, 14 Jun 2025 00:13:03 +0200
Subject: [PATCH] Add lodash GroupBy as taint step
---
.../javascript/frameworks/LodashUnderscore.qll | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll b/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
index 7c2e6aa37a58..202586227375 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -341,6 +341,18 @@ module LodashUnderscore {
preservesValue = true
}
}
+
+ private class LodashGroupBy extends DataFlow::SummarizedCallable {
+ LodashGroupBy() { this = "_.groupBy" }
+
+ override DataFlow::CallNode getACall() { result = member("groupBy").getACall() }
+
+ override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+ input = "Argument[0]" and
+ output = ["Argument[1].Parameter[0]", "ReturnValue"] and
+ preservesValue = false
+ }
+ }
}
/**
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy