Add the promises ql file (#7720)

2026-01-26 09:35:38 -05:00 · 2019-10-14 18:55:26 -07:00
parent 087f7fc43d
commit 75388cc3af
1 changed files with 32 additions and 0 deletions
--- a/.lgtm/javascript-queries/promises.ql
+++ b/.lgtm/javascript-queries/promises.ql
@@ -0,0 +1,32 @@
+/**
+ * @kind problem
+ * @problem.severity warning
+ * @id js/experimental/floating-promise
+ */
+import javascript
+
+private predicate isEscapingPromise(PromiseDefinition promise) {
+  exists (DataFlow::Node escape | promise.flowsTo(escape) |
+    escape = any(DataFlow::InvokeNode invk).getAnArgument()
+    or
+    escape = any(DataFlow::FunctionNode fun).getAReturn()
+    or
+    escape = any(ThrowStmt t).getExpr().flow()
+    or
+    escape = any(GlobalVariable v).getAnAssignedExpr().flow()
+    or
+    escape = any(DataFlow::PropWrite write).getRhs()
+    or
+    exists(WithStmt with, Assignment assign |
+      with.mayAffect(assign.getLhs()) and
+      assign.getRhs().flow() = escape
+    )
+  )
+}
+
+from PromiseDefinition promise
+where
+  not exists(promise.getAMethodCall(any(string m | m = "then" or m = "catch" or m = "finally"))) and
+  not exists (AwaitExpr e | promise.flowsTo(e.getOperand().flow())) and
+  not isEscapingPromise(promise)
+select promise, "This promise appears to be a floating promise"