castarco / codeql-javascript-unsafe-jquery-plugin

https://lab.github.com/githubtraining/codeql-for-javascript:-unsafe-jquery-plugin
0 stars 0 forks source link

Step 6 - Finding jQuery plugin options: property reads #9

Closed github-learning-lab[bot] closed 3 years ago

github-learning-lab[bot] commented 3 years ago

Step 6: Finding jQuery plugin options

jQuery plugins are usually defined by assigning a value to a property of the $.fn object:

  $.fn.copyText = function() { ... } // this function is a jQuery plugin

In the following steps, we'll find such plugins, and their options. We'll find

github-learning-lab[bot] commented 3 years ago

:book: Learn about data flow nodes

Take a few minutes to read about the data flow nodes for JavaScript and TypeScript.

github-learning-lab[bot] commented 3 years ago

:keyboard: Finding jQuery property reads

You have already seen how to find references to the jQuery $ function. Now find all places in the code that read the property $.fn. These results of your query will be of type DataFlow::Node.

Notice that jquery() returns a value of type DataFlow::SourceNode, from which the flow of data may be tracked. Use the auto-completion feature after jquery(). to browse the predicates of this DataFlow::SourceNode type, and their documentation. Look for a predicate that gets you all reads of a property named fn.

Write your query in the file property-read.ql and submit it.

github-learning-lab[bot] commented 3 years ago

Congratulations, looks like the query you introduced in de674b455f749f4db70f91e53dd2657d4ab17c44 finds the correct results!

Take a look at the instructions for the next step to continue.