Commit 81fa051

Refine docstring of HandlerParameterOfExposedService
1 parent f31e5c7 commit 81fa051

1 file changed

+21
-16
lines changed

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll

Lines changed: 21 additions & 16 deletions
@@ -2,29 +2,34 @@ import javascript
22
import advanced_security.javascript.frameworks.cap.CDS
33

44
/**
5-
* Either of:
6-
* a parameter of a handler registered for an (exposed) service on an event. e.g.
7-
* ```javascript
8-
* this.on("SomeEvent", "SomeEntity", (req) => { ... });
9-
* this.before("SomeEvent", "SomeEntity", (req, next) => { ... });
10-
* SomeService.on("SomeEvent", "SomeEntity", (msg) => { ... });
11-
* SomeService.after("SomeEvent", "SomeEntity", (msg) => { ... });
5+
* The request parameter of a handler belonging to a service that is exposed to
6+
* a protocol. e.g. All parameters named `req` is captured in the below example.
7+
* ``` javascript
8+
* // srv/service1.js
9+
* module.exports = class Service1 extends cds.ApplicationService {
10+
* this.on("SomeEvent", "SomeEntity", (req) => { ... });
11+
* this.before("SomeEvent", "SomeEntity", (req, next) => { ... });
12+
* }
1213
* ```
13-
* OR
14-
* a handler parameter that is not connected to a service
15-
* possibly due to cds compilation failure
16-
* or non explicit service references in source. e.g.
17-
* ```javascript
18-
* cds.serve('./test-service').with((srv) => {
19-
* srv.after('READ', req => req.target.data) //req
20-
* })
14+
* ``` cds
15+
* // srv/service1.cds
16+
* service Service1 @(path: '/service-1') { ... }
2117
* ```
18+
*
19+
* NOTE: CDS extraction can fail for various reasons, and if so the detection
20+
* logic falls back on overapproximating on the parameters and assume they are
21+
* exposed.
2222
*/
2323
class HandlerParameterOfExposedService extends RemoteFlowSource, HandlerParameter {
2424
HandlerParameterOfExposedService() {
25+
/* 1. The CDS definition is there and we can determine it is exposed. */
2526
this.getHandler().getHandlerRegistration().getService().getDefinition().isExposed()
2627
or
27-
/* no precise service definition is known */
28+
/*
29+
* 2. (Fallback) The CDS definition is not there, so no precise service definition
30+
* is known.
31+
*/
32+
2833
not exists(this.getHandler().getHandlerRegistration().getService().getDefinition())
2934
}
3035
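Review bot: The new docstring example places `this.on(...)` and `this.before(...)` directly in the body of `class Service1`, which is not valid JavaScript; put them inside a method such as `init() { ... }` so the example matches code the query will actually see. The sentence "All parameters named `req` is captured" should read "are captured", and since the characteristic predicate shown here has no check on the parameter name, and the removed docstring listed `(msg) => { ... }` handlers as covered too, it is worth saying whether the name matters or only the position. In the NOTE, "falls back on overapproximating on the parameters and assume" should read "falls back on overapproximating and assumes the parameters are exposed", and it would help to state the consequence for triage: any handler whose service has no resolved definition becomes a `RemoteFlowSource`, so results under the fallback can include services that are never exposed. Finally, the blank line added between the "2. (Fallback)" comment and `not exists(...)` separates the comment from the disjunct it describes; drop it so it mirrors the "1." comment above.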
