@eagleoutice/flowr
Static Dataflow Analyzer and Program Slicer for the R Programming Language
import { type LintingResult, LintingRuleCertainty } from '../linter-format';
import type { MergeableRecord } from '../../util/objects';
import { SourceLocation } from '../../util/range';
import { LintingRuleTag } from '../linter-tags';
import type { InputClassifierConfig, InputSources } from '../../queries/catalog/input-sources-query/simple-input-classifier';
/**
 * Names one function, and one of its arguments, for the pipe-command part of
 * the "Problematic inputs" rule.
 *
 * The rule description in this file speaks of graphics-device calls
 * (pdf, postscript) whose filename starts with `|`. This declaration does not
 * show how the three fields are evaluated, so the field notes below are
 * hedged where they go beyond the names and types.
 */
export interface PipeCommandFunctionSpec {
  /**
   * Selects the function this entry applies to.
   * NOTE(review): presumably a regular expression matched against the called
   * function's name, like the anchored `consider` defaults (`^eval$`, ...).
   * If so, keep custom patterns anchored so that they do not match longer
   * names by substring. Confirm against the implementation.
   */
  pattern: string;

  /**
   * Position of the argument to inspect.
   * NOTE(review): whether this index is 0- or 1-based is not visible here.
   */
  argIdx: number;

  /**
   * Name of the argument to inspect.
   * NOTE(review): presumably used when the argument is passed by name rather
   * than by position. Confirm.
   */
  argName: string;
}
/**
 * One finding of the "Problematic inputs" rule. Extends the generic
 * `LintingResult` with the fields below.
 */
export interface ProblematicInputsResult extends LintingResult {
  /**
   * NOTE(review): presumably the name of the flagged function (e.g. `eval`
   * or `system`). Confirm against the implementation.
   */
  name: string;

  /** Source location attached to the finding. */
  loc: SourceLocation;

  /**
   * Input-source classification for the finding, as produced by the
   * input-sources query this file imports `InputSources` from.
   * Triage should start here: it is the field that carries where the flagged
   * input comes from.
   */
  sources: InputSources;

  /**
   * Optional.
   * NOTE(review): presumably set only for the pipe-command case (a filename
   * starting with `|`), carrying the command text. Treat the value as
   * untrusted data when logging or displaying it.
   */
  pipeCommand?: string;
}
/**
 * User-facing configuration of the "Problematic inputs" rule.
 * Every field is optional. The defaults declared in this file are under
 * `PROBLEMATIC_INPUTS.info.defaultConfig`.
 */
export interface ProblematicInputsConfig extends MergeableRecord {
  /**
   * One pattern, or a list of patterns, selecting the calls the rule looks at.
   * The declared default is `^eval$`, `^system$`, `^system2$`, `^shell$`.
   * NOTE(review): whether a user-supplied value replaces or extends that
   * default is not visible here. Anything not covered by the effective list
   * is presumably not reported, so a project that wraps these functions needs
   * the wrapper names added explicitly.
   */
  consider?: string | string[];

  /**
   * Configuration passed to the input classifier, which decides what counts
   * as which kind of input source.
   */
  inputFns?: InputClassifierConfig;

  /**
   * One spec, or a list of specs, naming functions whose filename-like
   * argument is checked for a leading `|` (pipe command).
   */
  pipeCommandFunctions?:
    | PipeCommandFunctionSpec
    | PipeCommandFunctionSpec[];
}
/**
 * Metadata type of the rule. It is a plain alias of `MergeableRecord` and
 * declares no rule-specific fields.
 */
export type ProblematicInputsMetadata = MergeableRecord;
/**
 * Declaration of the "Problematic inputs" linting rule object: search
 * construction, result processing, pretty-printers and rule metadata.
 *
 * Only types are visible here, so how the rule decides that an input is
 * "non-constant" or that a filename is a pipe command cannot be read from
 * this file.
 */
export declare const PROBLEMATIC_INPUTS: {
    /** Builds the flowR search (kind "from-query") for the given configuration. */
    readonly createSearch: (config: ProblematicInputsConfig) => import("../../search/flowr-search-builder").FlowrSearchBuilder<"from-query", [], import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>;
    /**
     * Turns the search elements into findings. It receives the configuration
     * and the analysis data (normalized AST, dataflow information, control-flow
     * information and a read-only analysis provider). It is asynchronous and
     * resolves to the list of results plus a '.meta' entry typed as `{}`.
     */
    readonly processSearchResult: (elements: import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, config: ProblematicInputsConfig, data: {
        normalize: import("../../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
        dataflow: import("../../dataflow/info").DataflowInformation;
        cfg: import("../../control-flow/control-flow-graph").ControlFlowInformation;
        analyzer: import("../../project/flowr-analyzer").ReadonlyFlowrAnalysisProvider;
    }) => Promise<{
        results: ProblematicInputsResult[];
        '.meta': {};
    }>;
    /** Two string renderers for a single finding: `query` and `full`. */
    readonly prettyPrint: {
        readonly query: (result: ProblematicInputsResult) => string;
        readonly full: (result: ProblematicInputsResult) => string;
    };
    /** Static rule metadata. */
    readonly info: {
        readonly name: "Problematic inputs";
        readonly description: "Detects uses of dynamic calls (e.g. eval, system) with non-constant inputs, and graphics-device calls (pdf, postscript) where a filename starts with '|' indicating a pipe command injection.";
        readonly tags: readonly [LintingRuleTag.Security, LintingRuleTag.Smell, LintingRuleTag.Readability, LintingRuleTag.Performance];
        // NOTE(review): BestEffort, going by its name, promises neither complete
        // nor exact findings. A clean run should not be read as proof that no
        // dynamic call receives external input. Confirm the exact meaning in
        // ../linter-format.
        readonly certainty: LintingRuleCertainty.BestEffort;
        readonly defaultConfig: {
            // The four default patterns are anchored with ^...$. Other R entry
            // points for dynamic evaluation or command execution (for example
            // `source` or `do.call`) are not in this list and, as far as this
            // declaration shows, are only considered when added through `consider`.
            // NOTE(review): if the patterns are regular expressions, an unanchored
            // custom pattern such as `system` would also match `system2`.
            readonly consider: readonly ["^eval$", "^system$", "^system2$", "^shell$"];
            // The default entries are not visible in this declaration, only their
            // type. The description above names pdf and postscript.
            readonly pipeCommandFunctions: readonly PipeCommandFunctionSpec[];
        };
    };
};