← 返回首页
Incompatible dependency injection — CodeQL query help documentation CodeQL docs
CodeQL documentation
CodeQL resources

Incompatible dependency injection

ID: js/angular/incompatible-service Kind: problem Security severity: Severity: error Precision: high Tags: - quality - reliability - correctness - frameworks/angularjs Query suites: - javascript-code-quality.qls - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

AngularJS has built-in support for dependency injection: components can simply list the names of the services they depend on, and AngularJS will provide appropriate instances and pass them as arguments at runtime.

Each injected service has a kind, this kind influences which components the service is compatible with.

Recommendation

Ensure that declared dependencies have the right kind for the component they are injected into.

Example

The following example shows a config-method that lists a dependency on a service named year. Later, a service of kind value is defined with the name year. This is not allowed, since config-methods can only be injected with services of kind provider or constant.

angular.module('myModule', []) .config(['year', function(year) { // ... }]); angular.module('myModule') .value('year', 2000); // BAD: year is of kind 'value'

To solve this problem, the year service has to be of kind constant.

angular.module('myModule', []) .config(['year', function(year) { // ... }]); angular.module('myModule') .constant('year', 2000); // GOOD: year is of kind 'constant'

References