JS: ensure PropWrites exist for all instance members

Author: asger-semmle

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -494,6 +494,29 @@ module DataFlow {
     override ControlFlowNode getWriteNode() { result = prop }
   }
 
+  /**
+   * An instance method definition, viewed as a data flow node that adds
+   * a property to an unseen value.
+   */
+  private class InstanceMethodAsPropWrite extends PropWrite, PropNode {
+    override MethodDefinition prop;
+
+    InstanceMethodAsPropWrite() { not prop.isStatic() }
+
+    override Node getBase() { none() } // The prototype has no DataFlow node
+
+    override Expr getPropertyNameExpr() { result = prop.getNameExpr() }
+
+    override string getPropertyName() { result = prop.getName() }
+
+    override Node getRhs() {
+      not prop instanceof AccessorMethodDefinition and
+      result = valueNode(prop.getInit())
+    }
+
+    override ControlFlowNode getWriteNode() { result = prop }
+  }
+
   /**
    * A JSX attribute definition, viewed as a data flow node that writes properties to
    * the JSX element it is in.
@@ -532,14 +555,13 @@ module DataFlow {
   }
 
   /**
-   * An instance field with an initializer expression, seen as a property write.
+   * An instance field, seen as a property write.
    */
   private class InstanceFieldAsPropWrite extends PropWrite, PropNode {
     override FieldDefinition prop;
 
     InstanceFieldAsPropWrite() {
       not prop.isStatic() and
-      exists(prop.getInit()) and
       not prop instanceof ParameterField
     }
 

javascript/ql/test/library-tests/PropWrite/PropWrite.expected

@@ -1,9 +1,13 @@
+| classes.ts:3:21:3:20 | constructor() {} |
 | classes.ts:4:3:4:24 | instanc ...  foo(); |
+| classes.ts:8:3:8:39 | constru ... eld) {} |
 | classes.ts:8:15:8:35 | public  ... erField |
 | tst.js:3:5:3:8 | x: 4 |
 | tst.js:4:5:6:5 | func: f ... ;\\n    } |
 | tst.js:7:5:9:5 | f() {\\n  ... ;\\n    } |
+| tst.js:12:9:12:8 | constructor() {} |
 | tst.js:13:3:15:3 | static  ... x);\\n  } |
+| tst.js:16:3:18:3 | f(x) {\\n ... x);\\n  } |
 | tst.js:21:1:21:6 | C.prop |
 | tst.js:24:13:24:27 | onClick={click} |
 | tst.js:27:3:27:26 | get x() ... null; } |

javascript/ql/test/library-tests/PropWrite/PropWritePropName.expected

@@ -1,9 +1,13 @@
+| classes.ts:3:21:3:20 | constructor() {} | constructor |
 | classes.ts:4:3:4:24 | instanc ...  foo(); | instanceField |
+| classes.ts:8:3:8:39 | constru ... eld) {} | constructor |
 | classes.ts:8:15:8:35 | public  ... erField | parameterField |
 | tst.js:3:5:3:8 | x: 4 | x |
 | tst.js:4:5:6:5 | func: f ... ;\\n    } | func |
 | tst.js:7:5:9:5 | f() {\\n  ... ;\\n    } | f |
+| tst.js:12:9:12:8 | constructor() {} | constructor |
 | tst.js:13:3:15:3 | static  ... x);\\n  } | func |
+| tst.js:16:3:18:3 | f(x) {\\n ... x);\\n  } | f |
 | tst.js:21:1:21:6 | C.prop | prop |
 | tst.js:24:13:24:27 | onClick={click} | onClick |
 | tst.js:27:3:27:26 | get x() ... null; } | x |

javascript/ql/test/library-tests/PropWrite/PropWriteRhs.expected

@@ -1,9 +1,13 @@
+| classes.ts:3:21:3:20 | constructor() {} | classes.ts:3:21:3:20 | () {} |
 | classes.ts:4:3:4:24 | instanc ...  foo(); | classes.ts:4:19:4:23 | foo() |
+| classes.ts:8:3:8:39 | constru ... eld) {} | classes.ts:8:3:8:39 | constru ... eld) {} |
 | classes.ts:8:15:8:35 | public  ... erField | classes.ts:8:22:8:35 | parameterField |
 | tst.js:3:5:3:8 | x: 4 | tst.js:3:8:3:8 | 4 |
 | tst.js:4:5:6:5 | func: f ... ;\\n    } | tst.js:4:11:6:5 | functio ... ;\\n    } |
 | tst.js:7:5:9:5 | f() {\\n  ... ;\\n    } | tst.js:7:6:9:5 | () {\\n   ... ;\\n    } |
+| tst.js:12:9:12:8 | constructor() {} | tst.js:12:9:12:8 | () {} |
 | tst.js:13:3:15:3 | static  ... x);\\n  } | tst.js:13:14:15:3 | (x) {\\n  ... x);\\n  } |
+| tst.js:16:3:18:3 | f(x) {\\n ... x);\\n  } | tst.js:16:4:18:3 | (x) {\\n  ... x);\\n  } |
 | tst.js:21:1:21:6 | C.prop | tst.js:21:10:21:11 | 56 |
 | tst.js:24:13:24:27 | onClick={click} | tst.js:24:22:24:26 | click |
 | tst.js:32:5:32:8 | n: 1 | tst.js:32:8:32:8 | 1 |