Add flow summaries and entry points for TextDecoder

Napalys · Napalys · commit b97c61864e90 · 2025-04-07T18:15:19.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -13,3 +13,4 @@ private import Strings
 private import DynamicImportStep
 private import UrlSearchParams
 private import TypedArrays
+private import Decoders
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll
@@ -0,0 +1,29 @@
+private import javascript
+private import semmle.javascript.dataflow.FlowSummary
+private import semmle.javascript.dataflow.InferredTypes
+private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private
+private import FlowSummaryUtil
+
+private class TextDecoderEntryPoint extends API::EntryPoint {
+  TextDecoderEntryPoint() { this = "global.TextDecoder" }
+
+  override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("TextDecoder") }
+}
+
+pragma[nomagic]
+API::Node textDecoderConstructorRef() { result = any(TextDecoderEntryPoint e).getANode() }
+
+class DecodeLike extends SummarizedCallable {
+  DecodeLike() { this = "TextDecoder#decode" }
+
+  override InstanceCall getACall() {
+    result =
+      textDecoderConstructorRef().getAnInstantiation().getReturn().getMember("decode").getACall()
+  }
+
+  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+    preservesValue = true and
+    input = "Argument[0]" and
+    output = "ReturnValue"
+  }
+}
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -45,13 +45,13 @@ legacyDataFlowDifference
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library |
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library |
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library |
+| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 consistencyIssue
 | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency |
 | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency |
 | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency |
 | typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency |
-| typed-arrays.js:50 | expected an alert, but found none | NOT OK | Consistency |
 flow
 | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x |
 | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x |
@@ -347,6 +347,7 @@ flow
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView |
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 |
 | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str |
+| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |
 | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text |
