make globalVarRef non recursive

erik-krogh · erik-krogh · commit 69d6df78345e · 2021-02-23T10:03:17.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -365,22 +365,38 @@ DataFlow::SourceNode globalObjectRef() {
   )
   or
   // DOM
-  result = globalVarRef("window")
+  result = globalVariable("window")
   or
   // Node.js
-  result = globalVarRef("global")
+  result = globalVariable("global")
   or
   // DOM and service workers
-  result = globalVarRef("self")
+  result = globalVariable("self")
   or
   // ECMAScript 2020
-  result = globalVarRef("globalThis")
+  result = globalVariable("globalThis")
   or
   // `require("global")`
   result = moduleImport("global")
   or
   // Closure library - based on AST to avoid recursion with Closure library model
-  result = globalVarRef("goog").getAPropertyRead("global")
+  result = globalVariable("goog").getAPropertyRead("global")
+}
+
+/**
+ * Gets a reference to a global variable `name`.
+ * For example, if `name` is "foo":
+ * ```js
+ * foo
+ * require('global/foo')
+ * ```
+ */
+private DataFlow::SourceNode globalVariable(string name) {
+  result.(GlobalVarRefNode).getName() = name
+  or
+  // `require("global/document")` or `require("global/window")`
+  (name = "document" or name = "window") and
+  result = moduleImport("global/" + name)
 }
 
 /**
@@ -398,13 +414,9 @@ DataFlow::SourceNode globalObjectRef() {
  */
 pragma[nomagic]
 DataFlow::SourceNode globalVarRef(string name) {
-  result.(GlobalVarRefNode).getName() = name
+  result = globalVariable(name)
   or
   result = globalObjectRef().getAPropertyReference(name)
-  or
-  // `require("global/document")` or `require("global/window")`
-  (name = "document" or name = "window") and
-  result = moduleImport("global/" + name)
 }
 
 /**
diff --git a/javascript/ql/test/library-tests/Nodes/globalObjectRef.expected b/javascript/ql/test/library-tests/Nodes/globalObjectRef.expected
@@ -9,6 +9,5 @@
 | tst.js:1:1:1:6 | window |
 | tst.js:3:1:3:6 | window |
 | tst.js:4:1:4:6 | window |
-| tst.js:4:1:4:13 | window.window |
 | tst.js:5:1:5:4 | self |
 | tst.js:6:1:6:10 | globalThis |
diff --git a/javascript/ql/test/library-tests/Nodes/globalVarRef.expected b/javascript/ql/test/library-tests/Nodes/globalVarRef.expected
@@ -2,7 +2,6 @@
 | String | tst2.js:9:1:9:11 | this.String |
 | document | tst2.js:2:1:2:26 | require ... ument") |
 | document | tst.js:3:1:3:15 | window.document |
-| document | tst.js:4:1:4:22 | window. ... ocument |
 | document | tst.js:5:1:5:13 | self.document |
 | document | tst.js:6:1:6:19 | globalThis.document |
 | foo | tst3.js:4:1:4:5 | w.foo |
