Merge pull request #151 from asger-semmle/ts-ambient-toplevel

semmle-qlci · web-flow · commit 50b5a3bd719c · 2018-09-05T10:52:08.000+01:00
Approved by xiemaisi
diff --git a/change-notes/1.18/analysis-javascript.md b/change-notes/1.18/analysis-javascript.md
@@ -85,6 +85,8 @@
   - [xss](https://github.com/leizongmin/js-xss)
   - [xtend](https://github.com/Raynos/xtend)
 
+* Handling of ambient TypeScript code has been improved. As a result, fewer false positives will be reported in `.d.ts` files.
+
 ## New queries
 
 | **Query**                   | **Tags**  | **Purpose**                                                        |
diff --git a/javascript/ql/src/Expressions/SuspiciousInvocation.ql b/javascript/ql/src/Expressions/SuspiciousInvocation.ql
@@ -15,5 +15,6 @@ private import semmle.javascript.dataflow.InferredTypes
 
 from InvokeExpr invk, DataFlow::AnalyzedNode callee
 where callee.asExpr() = invk.getCallee() and
-      forex (InferredType tp | tp = callee.getAType() | tp != TTFunction() and tp != TTClass())
+      forex (InferredType tp | tp = callee.getAType() | tp != TTFunction() and tp != TTClass()) and
+      not invk.isAmbient()
 select invk, "Callee is not a function: it has type " + callee.ppTypes() + "."
diff --git a/javascript/ql/src/Expressions/SuspiciousPropAccess.ql b/javascript/ql/src/Expressions/SuspiciousPropAccess.ql
@@ -31,5 +31,6 @@ predicate namespaceOrConstEnumAccess(VarAccess e) {
 from PropAccess pacc, DataFlow::AnalyzedNode base
 where base.asExpr() = pacc.getBase() and
       forex (InferredType tp | tp = base.getAType() | tp = TTNull() or tp = TTUndefined()) and
-      not namespaceOrConstEnumAccess(pacc.getBase())
+      not namespaceOrConstEnumAccess(pacc.getBase()) and
+      not pacc.isAmbient()
 select pacc, "The base expression of this property access is always " + base.ppTypes() + "."
diff --git a/javascript/ql/src/semmle/javascript/AST.qll b/javascript/ql/src/semmle/javascript/AST.qll
@@ -208,6 +208,11 @@ class TopLevel extends @toplevel, StmtContainer {
   override string toString() {
     result = "<toplevel>"
   }
+
+  override predicate isAmbient() {
+    getFile().getFileType().isTypeScript() and
+    getFile().getBaseName().matches("%.d.ts")
+  }
 }
 
 /**
diff --git a/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/ambient_extends.d.ts b/javascript/ql/test/query-tests/Expressions/SuspiciousInvocation/ambient_extends.d.ts
@@ -0,0 +1,3 @@
+export class Subclass extends BaseClass {} // OK - ambient context
+
+export class BaseClass {}

Original file line number	Diff line number	Diff line change
`@@ -208,6 +208,11 @@ class TopLevel extends @toplevel, StmtContainer {`
`208`	`208`	`override string toString() {`
`209`	`209`	`result = "<toplevel>"`
`210`	`210`	`}`
	`211`	`+`
	`212`	`+ override predicate isAmbient() {`
	`213`	`+ getFile().getFileType().isTypeScript() and`
	`214`	`+ getFile().getBaseName().matches("%.d.ts")`
	`215`	`+ }`
`211`	`216`	`}`
`212`	`217`
`213`	`218`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export class Subclass extends BaseClass {} // OK - ambient context`
	`2`	`+`
	`3`	`+export class BaseClass {}`