JS: use extensible architecture for Electron- and NodeClientRequest

Esben Sparre Andreasen · Esben Sparre Andreasen · commit 2306afdebf82 · 2018-09-05T09:20:45.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
@@ -10,7 +10,7 @@ import javascript
 /**
  * A call that performs a request to a URL.
  */
-class CustomClientRequest extends DataFlow::CallNode {
+class CustomClientRequest extends DataFlow::InvokeNode {
 
   /**
    * Gets the URL of the request.
@@ -21,7 +21,7 @@ class CustomClientRequest extends DataFlow::CallNode {
 /**
  * A call that performs a request to a URL.
  */
-class ClientRequest extends DataFlow::CallNode {
+class ClientRequest extends DataFlow::InvokeNode {
 
   CustomClientRequest custom;
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -33,29 +33,51 @@ module Electron {
       this = DataFlow::moduleMember("electron", "BrowserView").getAnInstantiation()
     }
   }
-  
+
+  /**
+   * A Node.js-style HTTP or HTTPS request made using an Electron module.
+   */
+  abstract class CustomElectronClientRequest extends NodeJSLib::CustomNodeJSClientRequest {}
+
   /**
    * A Node.js-style HTTP or HTTPS request made using an Electron module.
    */
-  abstract class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {}
+  class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {
+
+    ElectronClientRequest() {
+      this instanceof CustomElectronClientRequest
+    }
+
+  }
   
   /**
    * A Node.js-style HTTP or HTTPS request made using `electron.net`, for example `net.request(url)`.
    */
-  private class NetRequest extends ElectronClientRequest {
+  private class NetRequest extends CustomElectronClientRequest {
     NetRequest() {
       this = DataFlow::moduleMember("electron", "net").getAMemberCall("request")
     }
+
+    override DataFlow::Node getUrl() {
+      result = getArgument(0) or
+      result = getOptionArgument(0, "url")
+    }
+
   }
-  
-  
+
   /**
    * A Node.js-style HTTP or HTTPS request made using `electron.client`, for example `new client(url)`.
    */
-  private class NewClientRequest extends ElectronClientRequest {
+  private class NewClientRequest extends CustomElectronClientRequest {
     NewClientRequest() {
       this = DataFlow::moduleMember("electron", "ClientRequest").getAnInstantiation()
     }
+
+    override DataFlow::Node getUrl() {
+      result = getArgument(0) or
+      result = getOptionArgument(0, "url")
+    }
+
   }
   
     
diff --git a/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
@@ -504,14 +504,25 @@ module NodeJSLib {
   /**
    * A data flow node that is an HTTP or HTTPS client request made by a Node.js application, for example `http.request(url)`.
    */
-  abstract class NodeJSClientRequest extends DataFlow::DefaultSourceNode {
+  abstract class CustomNodeJSClientRequest extends CustomClientRequest {
+
+  }
+
+  /**
+   * A data flow node that is an HTTP or HTTPS client request made by a Node.js application, for example `http.request(url)`.
+   */
+  class NodeJSClientRequest extends ClientRequest {
+
+    NodeJSClientRequest() {
+      this instanceof CustomNodeJSClientRequest
+    }
 
   }
   
   /**
    * A model of a URL request in the Node.js `http` library.
    */
-  private class NodeHttpUrlRequest extends CustomClientRequest, NodeJSClientRequest {
+  private class NodeHttpUrlRequest extends CustomNodeJSClientRequest {
 
     DataFlow::Node url;
 
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected
@@ -14,3 +14,9 @@
 | tst.js:33:5:33:19 | got.stream(url) | tst.js:33:16:33:18 | url |
 | tst.js:35:5:35:21 | window.fetch(url) | tst.js:35:18:35:20 | url |
 | tst.js:37:5:37:18 | nodeFetch(url) | tst.js:37:15:37:17 | url |
+| tst.js:39:5:39:20 | net.request(url) | tst.js:39:17:39:19 | url |
+| tst.js:41:5:41:29 | net.req ...  url }) | tst.js:41:17:41:28 | { url: url } |
+| tst.js:41:5:41:29 | net.req ...  url }) | tst.js:41:24:41:26 | url |
+| tst.js:43:5:43:26 | new Cli ... st(url) | tst.js:43:23:43:25 | url |
+| tst.js:45:5:45:35 | new Cli ...  url }) | tst.js:45:23:45:34 | { url: url } |
+| tst.js:45:5:45:35 | new Cli ...  url }) | tst.js:45:30:45:32 | url |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -6,7 +6,7 @@ import express from 'express';
 import axios from 'axios';
 import got from 'got';
 import nodeFetch from 'node-fetch';
-
+import {ClientRequest, net} from 'electron';
 (function() {
     request(url);
 
@@ -36,4 +36,11 @@ import nodeFetch from 'node-fetch';
 
     nodeFetch(url);
 
+    net.request(url);
+
+    net.request({ url: url });
+
+    new ClientRequest(url);
+
+    new ClientRequest({ url: url });
 });
