On Fri, Oct 9, 2015 at 1:21 PM, Joshua Cranmer 🐧 <[email protected]>
wrote:
> On 10/9/2015 9:33 AM, Ehsan Akhgari wrote:
>
>> This is not possible to achieve through static analysis based on the
>> source code level constructs. In other words, you cannot build a tool that
>> looks at source code, analyzes the tokens appearing in it, and infer
>> whether a property on an object has been accessed.
>>
>
> The best static analysis on JS that you can probably get is to tell you
> when you're accessing a dynamic property on an object (i.e., filtering out
> IndexExpressions based on types of the object). In principle, that could be
> a starting point for manual analysis, but even that is likely to produce
> way too many false positives
That would only work if you prohibit index expressions on all objects that
can give you back the object you're interested in. As an example, if you
prohibited those expressions on |window| for example, it wouldn't catch
code like |document.getElementById("foo").ownerDocument.defaultView["bad" +
"property"]|.
Cheers,
--
Ehsan
_______________________________________________
dev-static-analysis mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-static-analysis
