Merge pull request #19768 from trailofbits/VF/lodash-group-by

asgerf · web-flow · commit f587273828f4 · 2025-09-16T08:55:13.000+02:00
Add lodash GroupBy as taint step
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll b/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -341,6 +341,18 @@ module LodashUnderscore {
       preservesValue = true
     }
   }
+
+  private class LodashGroupBy extends DataFlow::SummarizedCallable {
+    LodashGroupBy() { this = "_.groupBy" }
+
+    override DataFlow::CallNode getACall() { result = member("groupBy").getACall() }
+
+    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+      input = "Argument[0]" and
+      output = ["Argument[1].Parameter[0]", "ReturnValue"] and
+      preservesValue = false
+    }
+  }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -341,6 +341,18 @@ module LodashUnderscore {`
`341`	`341`	`preservesValue = true`
`342`	`342`	`}`
`343`	`343`	`}`
	`344`	`+`
	`345`	`+ private class LodashGroupBy extends DataFlow::SummarizedCallable {`
	`346`	`+ LodashGroupBy() { this = "_.groupBy" }`
	`347`	`+`
	`348`	`+ override DataFlow::CallNode getACall() { result = member("groupBy").getACall() }`
	`349`	`+`
	`350`	`+ override predicate propagatesFlow(string input, string output, boolean preservesValue) {`
	`351`	`+ input = "Argument[0]" and`
	`352`	`+ output = ["Argument[1].Parameter[0]", "ReturnValue"] and`
	`353`	`+ preservesValue = false`
	`354`	`+ }`
	`355`	`+ }`
`344`	`356`	`}`
`345`	`357`
`346`	`358`	`/**`