@@ -62,20 +62,16 @@ module IndirectCommandInjection {
6262 private DataFlow:: SourceNode yargs ( ) {
6363 result = DataFlow:: moduleImport ( "yargs" )
6464 or
65- result =
66- // script used to generate list of chained methods: https://gist.github.com/erik-krogh/f8afe952c0577f4b563a993e613269ba
67- yargs ( )
68- .getAMethodCall ( [ "middleware" , "scriptName" , "reset" , "resetOptions" , "boolean" , "array" ,
69- "number" , "normalize" , "count" , "string" , "requiresArg" , "skipValidation" , "nargs" ,
70- "choices" , "alias" , "defaults" , "default" , "describe" , "demandOption" , "coerce" ,
71- "config" , "example" , "require" , "required" , "demand" , "demandCommand" ,
72- "deprecateOption" , "implies" , "conflicts" , "usage" , "epilog" , "epilogue" , "fail" ,
73- "onFinishCommand" , "check" , "global" , "pkgConf" , "options" , "option" , "positional" ,
74- "group" , "env" , "wrap" , "strict" , "strictCommands" , "parserConfiguration" ,
75- "version" , "help" , "addHelpOpt" , "showHidden" , "addShowHiddenOpt" , "hide" ,
76- "showHelpOnFail" , "exitProcess" , "completion" , "updateLocale" , "updateStrings" ,
77- "detectLocale" , "recommendCommands" , "getValidationInstance" , "command" ,
78- "commandDir" , "showHelp" , "showCompletionScript" ] )
65+ // script used to generate list of chained methods: https://gist.github.com/erik-krogh/f8afe952c0577f4b563a993e613269ba
66+ exists ( string method |
67+ not method =
68+ // the methods that does not return a chained `yargs` object.
69+ [ "getContext" , "getDemandedOptions" , "getDemandedCommands" , "getDeprecatedOptions" ,
70+ "_getParseContext" , "getOptions" , "getGroups" , "getStrict" , "getStrictCommands" ,
71+ "getExitProcess" , "locale" , "getUsageInstance" , "getCommandInstance" ]
72+ |
73+ result = yargs ( ) .getAMethodCall ( method )
74+ )
7975 }
8076
8177 /**
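Review bot: Turning the allowlist into an exclusion list (new lines 66-74) makes `yargs()` match the result of every method call not named there, so any non-chaining method missing from the list is now modelled as a yargs instance. `parse` appears to be one such case: it is not excluded, and in yargs it returns the parsed arguments rather than the builder. How the callers of this predicate consume its result is outside the hunk. For a command-injection source model this over-approximation is probably the right trade, since newly added chaining methods no longer silently drop sources, but the code should say so. I would reword the list comment to `// methods that do not return a chained yargs object; every other method call is assumed to chain`, and update the gist comment on new line 65, which still describes a list of chained methods.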