JavaScript: Autoformat new libraries.

Author: Max Schaefer

javascript/ql/src/Security/Summaries/AllConfigurations.qll

@@ -3,7 +3,6 @@
  */
 
 import javascript
-
 import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm
 import semmle.javascript.security.dataflow.CleartextLogging
 import semmle.javascript.security.dataflow.CleartextStorage

javascript/ql/src/Security/Summaries/ExtractFlowStepSummaries.ql

@@ -13,20 +13,20 @@ import AllConfigurations
 import PortalExitSource
 import PortalEntrySink
 
-from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink,
-     Portal p1, Portal p2, DataFlow::FlowLabel lbl1, DataFlow::FlowLabel lbl2
-where cfg.hasFlowPath(source, sink) and
-      p1 = source.getNode().(PortalExitSource).getPortal() and
-      p2 = sink.getNode().(PortalEntrySink).getPortal() and
-      lbl1 = sink.getPathSummary().getStartLabel() and
-      lbl2 = sink.getPathSummary().getEndLabel() and
-      // avoid constructing infeasible paths
-      sink.getPathSummary().hasCall() = false and
-      sink.getPathSummary().hasReturn() = false and
-      // restrict to steps flow function parameters to returns
-      p1.(ParameterPortal).getBasePortal() = p2.(ReturnPortal).getBasePortal() and
-      // restrict to data/taint flow
-      lbl1 instanceof DataFlow::StandardFlowLabel
-select p1.toString(), lbl1.toString(),
-       p2.toString(), lbl2.toString(),
-       cfg.toString()
+from
+  TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p1,
+  Portal p2, DataFlow::FlowLabel lbl1, DataFlow::FlowLabel lbl2
+where
+  cfg.hasFlowPath(source, sink) and
+  p1 = source.getNode().(PortalExitSource).getPortal() and
+  p2 = sink.getNode().(PortalEntrySink).getPortal() and
+  lbl1 = sink.getPathSummary().getStartLabel() and
+  lbl2 = sink.getPathSummary().getEndLabel() and
+  // avoid constructing infeasible paths
+  sink.getPathSummary().hasCall() = false and
+  sink.getPathSummary().hasReturn() = false and
+  // restrict to steps flow function parameters to returns
+  p1.(ParameterPortal).getBasePortal() = p2.(ReturnPortal).getBasePortal() and
+  // restrict to data/taint flow
+  lbl1 instanceof DataFlow::StandardFlowLabel
+select p1.toString(), lbl1.toString(), p2.toString(), lbl2.toString(), cfg.toString()

javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql

@@ -1,6 +1,6 @@
 /**
  * @name Extract sink summaries
- * @description Extracts sink summaries, that is, tuples `(p, lbl, cfg)` representing the fact 
+ * @description Extracts sink summaries, that is, tuples `(p, lbl, cfg)` representing the fact
  *              that data with flow label `lbl` may flow from a user-controlled exit node of portal
  *              `p` to a known sink for configuration `cfg`.
  * @kind sink-summary
@@ -11,10 +11,10 @@ import AllConfigurations
 import PortalExitSource
 import SinkFromAnnotation
 
-from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink,
-     Portal p
-where cfg.hasFlowPath(source, sink) and
-      p = source.getNode().(PortalExitSource).getPortal() and
-      // avoid constructing infeasible paths
-      sink.getPathSummary().hasReturn() = false
+from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
+where
+  cfg.hasFlowPath(source, sink) and
+  p = source.getNode().(PortalExitSource).getPortal() and
+  // avoid constructing infeasible paths
+  sink.getPathSummary().hasReturn() = false
 select p.toString(), source.getPathSummary().getStartLabel().toString(), cfg.toString()

javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql

@@ -11,10 +11,10 @@ import AllConfigurations
 import PortalEntrySink
 import SourceFromAnnotation
 
-from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink,
-     Portal p
-where cfg.hasFlowPath(source, sink) and
-      p = sink.getNode().(PortalEntrySink).getPortal() and
-      // avoid constructing infeasible paths
-      sink.getPathSummary().hasCall() = false
+from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
+where
+  cfg.hasFlowPath(source, sink) and
+  p = sink.getNode().(PortalEntrySink).getPortal() and
+  // avoid constructing infeasible paths
+  sink.getPathSummary().hasCall() = false
 select p.toString(), sink.getPathSummary().getEndLabel().toString(), cfg.toString()

javascript/ql/src/Security/Summaries/ImportFromCsv.qll

@@ -12,38 +12,28 @@ private import Shared
  * An additional source specified in an `additional-sources.csv` file.
  */
 class AdditionalSourceSpec extends ExternalData {
-  AdditionalSourceSpec() {
-    this.getDataPath() = "additional-sources.csv"
-  }
+  AdditionalSourceSpec() { this.getDataPath() = "additional-sources.csv" }
 
   /**
    * Gets the portal of this additional source.
    */
-  Portal getPortal() {
-    result.toString() = getField(0)
-  }
+  Portal getPortal() { result.toString() = getField(0) }
 
   /**
    * Gets the flow label of this source.
    */
-  DataFlow::FlowLabel getFlowLabel() {
-    sourceFlowLabelSpec(result, getField(1))
-  }
+  DataFlow::FlowLabel getFlowLabel() { sourceFlowLabelSpec(result, getField(1)) }
 
   /**
    * Gets the configuration for which this is a source, or any
    * configuration if this source does not specify a configuration.
    */
-  DataFlow::Configuration getConfiguration() {
-    configSpec(result, getField(2))
-  }
+  DataFlow::Configuration getConfiguration() { configSpec(result, getField(2)) }
 
   override string toString() {
-    exists (string config |
-      if getField(2) = "" then
-        config = "any configuration"
-      else
-        config = getConfiguration() |
+    exists(string config |
+      if getField(2) = "" then config = "any configuration" else config = getConfiguration()
+    |
       result = getPortal() + " as " + getFlowLabel() + " source for " + config
     )
   }
@@ -52,9 +42,7 @@ class AdditionalSourceSpec extends ExternalData {
 private class AdditionalSourceFromSpec extends DataFlow::AdditionalSource {
   AdditionalSourceSpec spec;
 
-  AdditionalSourceFromSpec() {
-    this = spec.getPortal().getAnExitNode(_)
-  }
+  AdditionalSourceFromSpec() { this = spec.getPortal().getAnExitNode(_) }
 
   override predicate isSourceFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
     cfg = spec.getConfiguration() and lbl = spec.getFlowLabel()
@@ -65,40 +53,30 @@ private class AdditionalSourceFromSpec extends DataFlow::AdditionalSource {
  * An additional sink specified in an `additional-sinks.csv` file.
  */
 class AdditionalSinkSpec extends ExternalData {
-  AdditionalSinkSpec() {
-    this.getDataPath() = "additional-sinks.csv"
-  }
+  AdditionalSinkSpec() { this.getDataPath() = "additional-sinks.csv" }
 
   /**
    * Gets the portal specification of this additional sink.
    */
-  Portal getPortal() {
-    result.toString() = getField(0)
-  }
+  Portal getPortal() { result.toString() = getField(0) }
 
   /**
    * Gets the flow label of this sink, or any standard flow label if this sink
    * does not specify a flow label.
    */
-  DataFlow::FlowLabel getFlowLabel() {
-    sinkFlowLabelSpec(result, getField(1))
-  }
+  DataFlow::FlowLabel getFlowLabel() { sinkFlowLabelSpec(result, getField(1)) }
 
   /**
    * Gets the configuration for which this is a sink, or any configuration if
    * this sink does not specify a configuration.
    */
-  DataFlow::Configuration getConfiguration() {
-    configSpec(result, getField(2))
-  }
+  DataFlow::Configuration getConfiguration() { configSpec(result, getField(2)) }
 
   override string toString() {
-    exists (string labels, string config |
+    exists(string labels, string config |
       labels = strictconcat(getFlowLabel(), " or ") and
-      if getField(2) = "" then
-        config = "any configuration"
-      else
-        config = getConfiguration() |
+      if getField(2) = "" then config = "any configuration" else config = getConfiguration()
+    |
       result = getPortal() + " as " + labels + " sink for " + config
     )
   }
@@ -107,73 +85,59 @@ class AdditionalSinkSpec extends ExternalData {
 private class AdditionalSinkFromSpec extends DataFlow::AdditionalSink {
   AdditionalSinkSpec spec;
 
-  AdditionalSinkFromSpec() {
-    this = spec.getPortal().getAnEntryNode(_)
-  }
+  AdditionalSinkFromSpec() { this = spec.getPortal().getAnEntryNode(_) }
 
   override predicate isSinkFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
     cfg = spec.getConfiguration() and lbl = spec.getFlowLabel()
   }
 }
+
 /**
  * An additional flow step specified in an `additional-steps.csv` file.
  */
 class AdditionalStepSpec extends ExternalData {
-  AdditionalStepSpec() {
-    this.getDataPath() = "additional-steps.csv"
-  }
+  AdditionalStepSpec() { this.getDataPath() = "additional-steps.csv" }
 
   /**
    * Gets the start portal of this additional step.
    */
-  Portal getStartPortal() {
-    result.toString() = getField(0)
-  }
+  Portal getStartPortal() { result.toString() = getField(0) }
 
   /**
    * Gets the start flow label of this additional step.
    */
-  DataFlow::FlowLabel getStartFlowLabel() {
-    result.toString() = getField(1)
-  }
+  DataFlow::FlowLabel getStartFlowLabel() { result.toString() = getField(1) }
 
   /**
    * Gets the end portal of this additional step.
    */
-  Portal getEndPortal() {
-    result.toString() = getField(2)
-  }
+  Portal getEndPortal() { result.toString() = getField(2) }
 
   /**
    * Gets the end flow label of this additional step.
    */
-  DataFlow::FlowLabel getEndFlowLabel() {
-    result.toString() = getField(3)
-  }
+  DataFlow::FlowLabel getEndFlowLabel() { result.toString() = getField(3) }
 
   /**
    * Gets the configuration to which this step should be added.
    */
-  DataFlow::Configuration getConfiguration() {
-    configSpec(result, getField(4))
-  }
+  DataFlow::Configuration getConfiguration() { configSpec(result, getField(4)) }
 
   override string toString() {
-    exists (string config |
-      if getField(4) = "" then
-        config = "any configuration"
-      else
-        config = getConfiguration() |
-      result = "edge from " + getStartPortal() + " to " + getEndPortal() +
-               ", transforming " + getStartFlowLabel() + " into " + getEndFlowLabel() +
-               " for " + config
+    exists(string config |
+      if getField(4) = "" then config = "any configuration" else config = getConfiguration()
+    |
+      result = "edge from " + getStartPortal() + " to " + getEndPortal() + ", transforming " +
+          getStartFlowLabel() + " into " + getEndFlowLabel() + " for " + config
     )
   }
 }
 
 private class AdditionalFlowStepFromSpec extends DataFlow::Configuration {
   AdditionalStepSpec spec;
+
   DataFlow::Node entry;
+
   DataFlow::Node exit;
 
   AdditionalFlowStepFromSpec() {
@@ -182,8 +146,10 @@ private class AdditionalFlowStepFromSpec extends DataFlow::Configuration {
     exit = spec.getEndPortal().getAnExitNode(_)
   }
 
-  override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ,
-                                          DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) {
+  override predicate isAdditionalFlowStep(
+    DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
+    DataFlow::FlowLabel succlbl
+  ) {
     pred = entry and
     succ = exit and
     predlbl = spec.getStartFlowLabel() and

javascript/ql/src/Security/Summaries/ImportFromExternalPredicates.qll

@@ -27,14 +27,18 @@ external predicate additionalSinks(string portal, string flowLabel, string confi
  *
  * This predicate can be populated from the output of the `ExtractFlowStepSummaries` query.
  */
-external predicate additionalSteps(string startPortal, string startFlowLabel, string endPortal, string endFlowLabel, string config);
+external predicate additionalSteps(
+  string startPortal, string startFlowLabel, string endPortal, string endFlowLabel, string config
+);
 
 /**
  * An additional source specified through the `additionalSources` predicate.
  */
 private class AdditionalSourceFromSpec extends DataFlow::AdditionalSource {
   Portal portal;
+
   string flowLabel;
+
   string config;
 
   AdditionalSourceFromSpec() {
@@ -52,7 +56,9 @@ private class AdditionalSourceFromSpec extends DataFlow::AdditionalSource {
  */
 private class AdditionalSinkFromSpec extends DataFlow::AdditionalSink {
   Portal portal;
+
   string flowLabel;
+
   string config;
 
   AdditionalSinkFromSpec() {
@@ -64,26 +70,33 @@ private class AdditionalSinkFromSpec extends DataFlow::AdditionalSink {
     configSpec(cfg, config) and sinkFlowLabelSpec(lbl, flowLabel)
   }
 }
+
 /**
  * An additional flow step specified through the `additionalSteps` predicate.
  */
 private class AdditionalFlowStepFromSpec extends DataFlow::Configuration {
   DataFlow::Node entry;
+
   string startFlowLabel;
+
   DataFlow::Node exit;
+
   string endFlowLabel;
 
   AdditionalFlowStepFromSpec() {
-    exists (Portal startPortal, Portal endPortal, string config |
-      additionalSteps(startPortal.toString(), startFlowLabel, endPortal.toString(), endFlowLabel, config) and
+    exists(Portal startPortal, Portal endPortal, string config |
+      additionalSteps(startPortal.toString(), startFlowLabel, endPortal.toString(), endFlowLabel,
+        config) and
       configSpec(this, config) and
       entry = startPortal.getAnEntryNode(_) and
       exit = endPortal.getAnExitNode(_)
     )
   }
 
-  override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ,
-                                          DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) {
+  override predicate isAdditionalFlowStep(
+    DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
+    DataFlow::FlowLabel succlbl
+  ) {
     pred = entry and
     succ = exit and
     predlbl = startFlowLabel and

javascript/ql/src/Security/Summaries/PortalEntrySink.qll

@@ -8,17 +8,13 @@ import semmle.javascript.dataflow.Portals
 class PortalEntrySink extends DataFlow::AdditionalSink {
   Portal p;
 
-  PortalEntrySink() {
-    this = p.getAnEntryNode(true)
-  }
+  PortalEntrySink() { this = p.getAnEntryNode(true) }
 
   override predicate isSinkFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
     cfg instanceof TaintTracking::Configuration and
     lbl = any(DataFlow::FlowLabel l)
   }
 
   /** Gets the portal of which this is an entry node. */
-  Portal getPortal() {
-    result = p
-  }
+  Portal getPortal() { result = p }
 }