JavaScript: Make type tracking-related parameter and predicate names more consistent.

Max Schaefer · Max Schaefer · commit 3e16d16525c8 · 2019-03-26T13:00:09.000Z
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Connect.qll b/javascript/ql/src/semmle/javascript/frameworks/Connect.qll
@@ -125,8 +125,8 @@ module Connect {
       t.start() and
       result = getARouteHandlerExpr().flow().getALocalSource()
       or
-      exists(DataFlow::TypeBackTracker next |
-        result = getARouteHandler(next).backtrack(next, t)
+      exists(DataFlow::TypeBackTracker t2 |
+        result = getARouteHandler(t2).backtrack(t2, t)
       )
     }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -60,8 +60,8 @@ module Electron {
     t.start() and
     result instanceof NewBrowserObject
     or
-    exists(DataFlow::TypeTracker prev |
-      result = browserObject(prev).track(prev, t)
+    exists(DataFlow::TypeTracker t2 |
+      result = browserObject(t2).track(t2, t)
     )
   }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Express.qll b/javascript/ql/src/semmle/javascript/frameworks/Express.qll
@@ -118,8 +118,8 @@ module Express {
       t.start() and
       result = getARouteHandlerExpr().flow().getALocalSource()
       or
-      exists(DataFlow::TypeBackTracker next |
-        result = getARouteHandler(next).backtrack(next, t)
+      exists(DataFlow::TypeBackTracker t2 |
+        result = getARouteHandler(t2).backtrack(t2, t)
       )
     }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
@@ -282,13 +282,13 @@ module HTTP {
        */
       abstract RouteHandler getRouteHandler();
 
-      predicate flowsTo(DataFlow::Node nd) { flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd) }
+      predicate flowsTo(DataFlow::Node nd) { ref(DataFlow::TypeTracker::end()).flowsTo(nd) }
 
-      private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
+      private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
         t.start() and
         result = this
         or
-        exists(DataFlow::TypeTracker prev | result = flowsToSourceNode(prev).track(prev, t))
+        exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
       }
     }
 
@@ -303,13 +303,13 @@ module HTTP {
        */
       abstract RouteHandler getRouteHandler();
 
-      predicate flowsTo(DataFlow::Node nd) { flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd) }
+      predicate flowsTo(DataFlow::Node nd) { ref(DataFlow::TypeTracker::end()).flowsTo(nd) }
 
-      private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
+      private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
         t.start() and
         result = this
         or
-        exists(DataFlow::TypeTracker prev | result = flowsToSourceNode(prev).track(prev, t))
+        exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
       }
     }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Hapi.qll b/javascript/ql/src/semmle/javascript/frameworks/Hapi.qll
@@ -200,8 +200,8 @@ module Hapi {
       t.start() and
       result = handler.flow().getALocalSource()
       or
-      exists(DataFlow::TypeBackTracker next |
-        result = getARouteHandler(next).backtrack(next, t)
+      exists(DataFlow::TypeBackTracker t2 |
+        result = getARouteHandler(t2).backtrack(t2, t)
       )
     }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Koa.qll b/javascript/ql/src/semmle/javascript/frameworks/Koa.qll
@@ -79,15 +79,15 @@ module Koa {
     RouteHandler getRouteHandler() { result = rh }
 
     predicate flowsTo(DataFlow::Node nd) {
-      flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd)
+      ref(DataFlow::TypeTracker::end()).flowsTo(nd)
     }
 
-    private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {
+    private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
       t.start() and
       result = this
       or
-      exists(DataFlow::TypeTracker prev |
-        result = flowsToSourceNode(prev).track(prev, t)
+      exists(DataFlow::TypeTracker t2 |
+        result = ref(t2).track(t2, t)
       )
     }
   }
diff --git a/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
@@ -196,8 +196,8 @@ module NodeJSLib {
       t.start() and
       result = handler.flow().getALocalSource()
       or
-      exists(DataFlow::TypeBackTracker next |
-        result = getARouteHandler(next).backtrack(next, t)
+      exists(DataFlow::TypeBackTracker t2 |
+        result = getARouteHandler(t2).backtrack(t2, t)
       )
     }
 
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll b/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
@@ -25,16 +25,15 @@ module SocketIO {
   }
 
   /**
-   * Gets a data flow node that may refer to the socket.io server created at `srv`, with
-   * type tracking info stored in `t`.
+   * Gets a data flow node that may refer to the socket.io server created at `srv`.
    */
   private DataFlow::SourceNode server(ServerObject srv, DataFlow::TypeTracker t) {
     result = newServer() and
     srv = MkServer(result) and
     t.start()
     or
-    exists(DataFlow::TypeTracker s, DataFlow::SourceNode pred | pred = server(srv, s) |
-      result = pred.track(s, t)
+    exists(DataFlow::TypeTracker t2, DataFlow::SourceNode pred | pred = server(srv, t2) |
+      result = pred.track(t2, t)
       or
       // invocation of a chainable method
       exists(DataFlow::MethodCallNode mcn, string m |
@@ -52,7 +51,7 @@ module SocketIO {
         // exclude getter versions
         exists(mcn.getAnArgument()) and
         result = mcn and
-        t = s
+        t = t2
       )
     )
   }
@@ -85,8 +84,7 @@ module SocketIO {
   }
 
   /**
-   * Gets a data flow node that may refer to the socket.io namespace created at `ns`, with
-   * type tracking info stored in `t`.
+   * Gets a data flow node that may refer to the socket.io namespace created at `ns`.
    */
   private DataFlow::SourceNode namespace(NamespaceObject ns, DataFlow::TypeTracker t) {
     t.start() and
@@ -107,12 +105,12 @@ module SocketIO {
       ns = srv.getServer().getDefaultNamespace()
     )
     or
-    exists(DataFlow::SourceNode pred, DataFlow::TypeTracker s | pred = namespace(ns, s) |
-      result = pred.track(s, t)
+    exists(DataFlow::SourceNode pred, DataFlow::TypeTracker t2 | pred = namespace(ns, t2) |
+      result = pred.track(t2, t)
       or
       // invocation of a chainable method
       result = pred.getAMethodCall(namespaceChainableMethod()) and
-      t = s
+      t = t2
       or
       // invocation of chainable getter method
       exists(string m |
@@ -121,7 +119,7 @@ module SocketIO {
         m = "volatile"
       |
         result = pred.getAPropertyRead(m) and
-        t = s
+        t = t2
       )
     )
   }
@@ -137,8 +135,7 @@ module SocketIO {
   }
 
   /**
-   * Gets a data flow node that may refer to a socket.io socket belonging to namespace `ns`, with
-   * type tracking info stored in `t`.
+   * Gets a data flow node that may refer to a socket.io socket belonging to namespace `ns`.
    */
   private DataFlow::SourceNode socket(NamespaceObject ns, DataFlow::TypeTracker t) {
     // callback accepting a socket
@@ -155,8 +152,8 @@ module SocketIO {
       result = on.getCallback(1).getParameter(0)
     )
     or
-    exists(DataFlow::SourceNode pred, DataFlow::TypeTracker s | pred = socket(ns, s) |
-      result = pred.track(s, t)
+    exists(DataFlow::SourceNode pred, DataFlow::TypeTracker t2 | pred = socket(ns, t2) |
+      result = pred.track(t2, t)
       or
       // invocation of a chainable method
       exists(string m |
@@ -174,7 +171,7 @@ module SocketIO {
         m = EventEmitter::chainableMethod()
       |
         result = pred.getAMethodCall(m) and
-        t = s
+        t = t2
       )
       or
       // invocation of a chainable getter method
@@ -185,7 +182,7 @@ module SocketIO {
         m = "volatile"
       |
         result = pred.getAPropertyRead(m) and
-        t = s
+        t = t2
       )
     )
   }
@@ -395,8 +392,7 @@ module SocketIO {
  */
 module SocketIOClient {
   /**
-   * Gets a data flow node that may refer to the socket.io socket created at `invk`, with
-   * type tracking info stored in `t`.
+   * Gets a data flow node that may refer to the socket.io socket created at `invk`.
    */
   private DataFlow::SourceNode socket(DataFlow::InvokeNode invk, DataFlow::TypeTracker t) {
     t.start() and
@@ -410,7 +406,7 @@ module SocketIOClient {
       result = invk
     )
     or
-    exists(DataFlow::TypeTracker s | result = socket(invk, s).track(s, t))
+    exists(DataFlow::TypeTracker t2 | result = socket(invk, t2).track(t2, t))
   }
 
   /** A data flow node that may produce a socket object. */

Original file line number	Diff line number	Diff line change
`@@ -125,8 +125,8 @@ module Connect {`
`125`	`125`	`t.start() and`
`126`	`126`	`result = getARouteHandlerExpr().flow().getALocalSource()`
`127`	`127`	`or`
`128`		`- exists(DataFlow::TypeBackTracker next \|`
`129`		`- result = getARouteHandler(next).backtrack(next, t)`
	`128`	`+ exists(DataFlow::TypeBackTracker t2 \|`
	`129`	`+ result = getARouteHandler(t2).backtrack(t2, t)`
`130`	`130`	`)`
`131`	`131`	`}`
`132`	`132`
Original file line number	Diff line number	Diff line change
`@@ -60,8 +60,8 @@ module Electron {`
`60`	`60`	`t.start() and`
`61`	`61`	`result instanceof NewBrowserObject`
`62`	`62`	`or`
`63`		`- exists(DataFlow::TypeTracker prev \|`
`64`		`- result = browserObject(prev).track(prev, t)`
	`63`	`+ exists(DataFlow::TypeTracker t2 \|`
	`64`	`+ result = browserObject(t2).track(t2, t)`
`65`	`65`	`)`
`66`	`66`	`}`
`67`	`67`
Original file line number	Diff line number	Diff line change
`@@ -118,8 +118,8 @@ module Express {`
`118`	`118`	`t.start() and`
`119`	`119`	`result = getARouteHandlerExpr().flow().getALocalSource()`
`120`	`120`	`or`
`121`		`- exists(DataFlow::TypeBackTracker next \|`
`122`		`- result = getARouteHandler(next).backtrack(next, t)`
	`121`	`+ exists(DataFlow::TypeBackTracker t2 \|`
	`122`	`+ result = getARouteHandler(t2).backtrack(t2, t)`
`123`	`123`	`)`
`124`	`124`	`}`
`125`	`125`
Original file line number	Diff line number	Diff line change
`@@ -200,8 +200,8 @@ module Hapi {`
`200`	`200`	`t.start() and`
`201`	`201`	`result = handler.flow().getALocalSource()`
`202`	`202`	`or`
`203`		`- exists(DataFlow::TypeBackTracker next \|`
`204`		`- result = getARouteHandler(next).backtrack(next, t)`
	`203`	`+ exists(DataFlow::TypeBackTracker t2 \|`
	`204`	`+ result = getARouteHandler(t2).backtrack(t2, t)`
`205`	`205`	`)`
`206`	`206`	`}`
`207`	`207`
Original file line number	Diff line number	Diff line change
`@@ -79,15 +79,15 @@ module Koa {`
`79`	`79`	`RouteHandler getRouteHandler() { result = rh }`
`80`	`80`
`81`	`81`	`predicate flowsTo(DataFlow::Node nd) {`
`82`		`- flowsToSourceNode(DataFlow::TypeTracker::end()).flowsTo(nd)`
	`82`	`+ ref(DataFlow::TypeTracker::end()).flowsTo(nd)`
`83`	`83`	`}`
`84`	`84`
`85`		`- private DataFlow::SourceNode flowsToSourceNode(DataFlow::TypeTracker t) {`
	`85`	`+ private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {`
`86`	`86`	`t.start() and`
`87`	`87`	`result = this`
`88`	`88`	`or`
`89`		`- exists(DataFlow::TypeTracker prev \|`
`90`		`- result = flowsToSourceNode(prev).track(prev, t)`
	`89`	`+ exists(DataFlow::TypeTracker t2 \|`
	`90`	`+ result = ref(t2).track(t2, t)`
`91`	`91`	`)`
`92`	`92`	`}`
`93`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -196,8 +196,8 @@ module NodeJSLib {`
`196`	`196`	`t.start() and`
`197`	`197`	`result = handler.flow().getALocalSource()`
`198`	`198`	`or`
`199`		`- exists(DataFlow::TypeBackTracker next \|`
`200`		`- result = getARouteHandler(next).backtrack(next, t)`
	`199`	`+ exists(DataFlow::TypeBackTracker t2 \|`
	`200`	`+ result = getARouteHandler(t2).backtrack(t2, t)`
`201`	`201`	`)`
`202`	`202`	`}`
`203`	`203`