add API in PackageExports.qll for getting a value exported under a name

Author: erik-krogh

javascript/ql/src/semmle/javascript/PackageExports.qll

@@ -40,7 +40,7 @@ DataFlow::Node getAValueExportedBy(PackageJSON packageJSON) {
   exists(DataFlow::SourceNode callee |
     callee = getAValueExportedBy(packageJSON).(DataFlow::NewNode).getCalleeNode().getALocalSource()
   |
-    result = callee.getAPropertyRead("prototype").getAPropertyWrite()
+    result = callee.getAPropertyRead("prototype").getAPropertyWrite().getRhs()
     or
     result = callee.(DataFlow::ClassNode).getAnInstanceMethod()
   )
@@ -68,10 +68,22 @@ DataFlow::Node getAValueExportedBy(PackageJSON packageJSON) {
 private DataFlow::Node getAnExportFromModule(Module mod) {
   result.analyze().getAValue() = mod.(NodeModule).getAModuleExportsValue()
   or
-  exists(ASTNode export | result.getEnclosingExpr() = export | mod.exports(_, export))
+  result = getAnExportedValue(mod, _)
+}
+
+/**
+ * Gets a value exported from `mod` under `name`.
+ */
+DataFlow::Node getAnExportedValue(Module mod, string name) {
+  exists(Property export | result.asExpr() = export.getInit() | mod.exports(name, export))
+  or
+  result =
+    DataFlow::valueNode(any(ASTNode export | mod.exports(name, export)))
+        .(DataFlow::PropWrite)
+        .getRhs()
   or
   exists(ExportDeclaration export |
-    result = export.getSourceNode(_) and
-    mod = export.getTopLevel()
+    result = export.getSourceNode(name) and
+    mod = export.getEnclosingModule()
   )
 }

javascript/ql/test/library-tests/PackageExports/lib1/baz.js

@@ -0,0 +1,5 @@
+module.exports = {
+    // not imported from anywhere
+    foo: function foo() {},
+    bar: function bar() {}
+}

javascript/ql/test/library-tests/PackageExports/tests.expected

@@ -34,3 +34,12 @@ getAValueExportedBy
 | lib1/sublib/package.json:1:1:3:1 | {\\n    " ... b.js"\\n} | lib1/sublib/sublib.js:1:1:1:0 | this |
 | lib1/sublib/package.json:1:1:3:1 | {\\n    " ... b.js"\\n} | lib1/sublib/sublib.js:1:1:1:73 | module. ... rt() {} |
 | lib1/sublib/package.json:1:1:3:1 | {\\n    " ... b.js"\\n} | lib1/sublib/sublib.js:1:18:1:73 | functio ... rt() {} |
+getAnExportedValue
+| absent_main/index.js:1:1:2:0 | <toplevel> | foo | absent_main/index.js:1:22:1:34 | function() {} |
+| esmodules/main.js:1:1:4:0 | <toplevel> | exported | esmodules/main.js:1:8:1:29 | functio ... ed() {} |
+| lib1/baz.js:1:1:5:1 | <toplevel> | bar | lib1/baz.js:4:10:4:26 | function bar() {} |
+| lib1/baz.js:1:1:5:1 | <toplevel> | foo | lib1/baz.js:3:10:3:26 | function foo() {} |
+| lib1/foo.js:1:1:3:47 | <toplevel> | foo | lib1/foo.js:3:22:3:47 | functio ... ed() {} |
+| lib1/main.js:1:1:17:30 | <toplevel> | Baz | lib1/main.js:17:22:17:30 | new Baz() |
+| lib1/main.js:1:1:17:30 | <toplevel> | bar | lib1/main.js:5:22:9:1 | class B ... () {}\\n} |
+| lib1/main.js:1:1:17:30 | <toplevel> | foo | lib1/main.js:3:22:3:40 | require("./foo.js") |

javascript/ql/test/library-tests/PackageExports/tests.ql

@@ -6,3 +6,7 @@ query PackageJSON getTopmostPackageJSON() { result = Exports::getTopmostPackageJ
 query DataFlow::Node getAValueExportedBy(PackageJSON json) {
   result = Exports::getAValueExportedBy(json)
 }
+
+query DataFlow::Node getAnExportedValue(Module mod, string name) {
+  result = Exports::getAnExportedValue(mod, name)
+}