Updated WebSocketReceiveNode to match bind functions.

Napalys · Napalys · commit c5860e92ec84 · 2025-04-04T12:28:53.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll
@@ -176,6 +176,12 @@ module ClientWebSocket {
       this = getAMessageHandler(emitter, "addEventListener")
       or
       this = emitter.getReturn().getMember("onmessage").getAValueReachingSink()
+      or
+      exists(DataFlow::MethodCallNode bindCall |
+        bindCall = emitter.getReturn().getMember("onmessage").getAValueReachingSink() and
+        bindCall.getMethodName() = "bind" and
+        this = bindCall.getReceiver().getAFunctionValue()
+      )
     }
 
     override DataFlow::Node getReceivedItem(int i) {
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js
@@ -67,7 +67,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './
 
 const recv_message = function (e) {
     console.log('Received message:', e.data);
-}; // $ MISSING: clientReceive
+}; // $ clientReceive
 
 (function () {
     myWebSocketInstance.onmessage = recv_message.bind(this);
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected
@@ -7,6 +7,7 @@ clientReceive
 | browser-custom.js:46:37:48:5 | functio ... )\\n    } |
 | browser-custom.js:57:34:60:5 | functio ... ;\\n    } |
 | browser-custom.js:62:50:64:5 | functio ... ;\\n    } |
+| browser-custom.js:68:22:70:1 | functio ... ata);\\n} |
 | browser.js:8:37:10:2 | functio ... ta);\\n\\t} |
 | browser.js:12:21:14:2 | functio ... ata)\\n\\t} |
 | browser.js:24:19:27:2 | functio ... e();\\n\\t} |
@@ -54,6 +55,7 @@ flowSteps
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data |
+| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data |
