JS: patch-generated stubs

d10c · d10c · commit aeba0f52aaea · 2025-07-04T11:48:27.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
@@ -29,11 +29,16 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {
 
   predicate observeDiffInformedIncrementalMode() { any() }
 
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 25 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql@29:8:29:16)
+  }
+
   Location getASelectedSinkLocation(DataFlow::Node sink) {
     exists(DataFlow::Node node |
       isSinkWithHighlight(sink, node) and
       result = node.getLocation()
     )
+    // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 25 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql@29:8:29:16)
   }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll
@@ -52,7 +52,17 @@ module NosqlInjectionConfig implements DataFlow::StateConfigSig {
     state2 = state1
   }
 
-  predicate observeDiffInformedIncrementalMode() { any() }
+  predicate observeDiffInformedIncrementalMode() {
+    any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
+
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 32 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 34 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll
@@ -30,11 +30,16 @@ module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig
 
   predicate observeDiffInformedIncrementalMode() { any() }
 
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 26 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql@30:8:30:16)
+  }
+
   Location getASelectedSinkLocation(DataFlow::Node sink) {
     exists(DataFlow::Node node |
       isSinkWithHighlight(sink, node) and
       result = node.getLocation()
     )
+    // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 26 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql@30:8:30:16)
   }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll
@@ -32,7 +32,17 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
     )
   }
 
-  predicate observeDiffInformedIncrementalMode() { any() }
+  predicate observeDiffInformedIncrementalMode() {
+    any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
+
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
+  }
 }
 
 /**
diff --git a/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql b/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
@@ -33,6 +33,14 @@ module EnvValueAndKeyInjectionConfig implements DataFlow::ConfigSig {
       )
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 66 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql@69:8:69:23)
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 66 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql@69:8:69:23)
+  }
 }
 
 module EnvValueAndKeyInjectionFlow = TaintTracking::Global<EnvValueAndKeyInjectionConfig>;
diff --git a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
@@ -27,6 +27,14 @@ module VerifiedDecodeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink = verifiedDecode() }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 39 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql@40:60:40:73)
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    none() // TODO: Make sure that this sink location matches the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 39 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql@40:60:40:73)
+  }
 }
 
 module VerifiedDecodeFlow = TaintTracking::Global<VerifiedDecodeConfig>;

Original file line number	Diff line number	Diff line change
`@@ -29,11 +29,16 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {`
`29`	`29`
`30`	`30`	`predicate observeDiffInformedIncrementalMode() { any() }`
`31`	`31`
	`32`	`+ Location getASelectedSourceLocation(DataFlow::Node source) {`
	`33`	`+ none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 25 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql@29:8:29:16)`
	`34`	`+ }`
	`35`	`+`
`32`	`36`	`Location getASelectedSinkLocation(DataFlow::Node sink) {`
`33`	`37`	`exists(DataFlow::Node node \|`
`34`	`38`	`isSinkWithHighlight(sink, node) and`
`35`	`39`	`result = node.getLocation()`
`36`	`40`	`)`
	`41`	`+ // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 25 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql@29:8:29:16)`
`37`	`42`	`}`
`38`	`43`	`}`
`39`	`44`
Original file line number	Diff line number	Diff line change
`@@ -30,11 +30,16 @@ module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig`
`30`	`30`
`31`	`31`	`predicate observeDiffInformedIncrementalMode() { any() }`
`32`	`32`
	`33`	`+ Location getASelectedSourceLocation(DataFlow::Node source) {`
	`34`	`+ none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 26 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql@30:8:30:16)`
	`35`	`+ }`
	`36`	`+`
`33`	`37`	`Location getASelectedSinkLocation(DataFlow::Node sink) {`
`34`	`38`	`exists(DataFlow::Node node \|`
`35`	`39`	`isSinkWithHighlight(sink, node) and`
`36`	`40`	`result = node.getLocation()`
`37`	`41`	`)`
	`42`	`+ // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 26 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql@30:8:30:16)`
`38`	`43`	`}`
`39`	`44`	`}`
`40`	`45`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,17 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {`
`32`	`32`	`)`
`33`	`33`	`}`
`34`	`34`
`35`		`- predicate observeDiffInformedIncrementalMode() { any() }`
	`35`	`+ predicate observeDiffInformedIncrementalMode() {`
	`36`	+ any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
	`37`	`+ }`
	`38`	`+`
	`39`	`+ Location getASelectedSourceLocation(DataFlow::Node source) {`
	`40`	+ none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
	`41`	`+ }`
	`42`	`+`
	`43`	`+ Location getASelectedSinkLocation(DataFlow::Node sink) {`
	`44`	+ none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:8:35:21), Column 1 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:8:37:21), Column 5 does not select a source or sink originating from the flow call on line 28 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql@35:82:35:97), Column 5 does not select a source or sink originating from the flow call on line 30 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql@37:82:37:97)
	`45`	`+ }`
`36`	`46`	`}`
`37`	`47`
`38`	`48`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,14 @@ module EnvValueAndKeyInjectionConfig implements DataFlow::ConfigSig {`
`33`	`33`	`)`
`34`	`34`	`)`
`35`	`35`	`}`
	`36`	`+`
	`37`	`+ predicate observeDiffInformedIncrementalMode() {`
	`38`	`+ any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 66 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql@69:8:69:23)`
	`39`	`+ }`
	`40`	`+`
	`41`	`+ Location getASelectedSinkLocation(DataFlow::Node sink) {`
	`42`	`+ none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 66 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql@69:8:69:23)`
	`43`	`+ }`
`36`	`44`	`}`
`37`	`45`
`38`	`46`	`module EnvValueAndKeyInjectionFlow = TaintTracking::Global<EnvValueAndKeyInjectionConfig>;`