JS: s/URLRequest/ClientRequest, merge with NodeJSLib::ClientRequest

Author: Esben Sparre Andreasen

javascript/ql/src/semmle/javascript/frameworks/Electron.qll

@@ -37,12 +37,12 @@ module Electron {
   /**
    * A Node.js-style HTTP or HTTPS request made using an Electron module.
    */
-  abstract class ClientRequest extends NodeJSLib::ClientRequest {}
+  abstract class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {}
 
   /**
    * A Node.js-style HTTP or HTTPS request made using `electron.net`, for example `net.request(url)`.
    */
-  private class NetRequest extends ClientRequest {
+  private class NetRequest extends ElectronClientRequest {
     NetRequest() {
       this = DataFlow::moduleMember("electron", "net").getAMemberCall("request")
     }
@@ -56,7 +56,7 @@ module Electron {
   /**
    * A Node.js-style HTTP or HTTPS request made using `electron.client`, for example `new client(url)`.
    */
-  private class NewClientRequest extends ClientRequest {
+  private class NewClientRequest extends ElectronClientRequest {
     NewClientRequest() {
       this = DataFlow::moduleMember("electron", "ClientRequest").getAnInstantiation()
     }
@@ -75,12 +75,12 @@ module Electron {
       exists(NodeJSLib::ClientRequestHandler handler |
         this = handler.getParameter(0) and
         handler.getAHandledEvent() = "redirect" and
-        handler.getClientRequest() instanceof ClientRequest
+        handler.getClientRequest() instanceof ElectronClientRequest
       )
     }
 
     override string getSourceType() {
-      result = "Electron ClientRequest redirect event"
+      result = "ElectronClientRequest redirect event"
     }
   }
 }

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -504,48 +504,38 @@ module NodeJSLib {
   /**
    * A data flow node that is an HTTP or HTTPS client request made by a Node.js server, for example `http.request(url)`.
    */
-  abstract class ClientRequest extends DataFlow::DefaultSourceNode {
+  abstract class NodeJSClientRequest extends DataFlow::DefaultSourceNode {
+
     /**
      * Gets the options object or string URL used to make the request.
      */
     abstract DataFlow::Node getOptions();
   }
 
   /**
-   * A data flow node that is an HTTP or HTTPS client request made by a Node.js server, for example `http.request(url)`.
+   * A model of a URL request in the Node.js `http` library.
    */
-  private class HttpRequest extends ClientRequest {
-    HttpRequest() {
-      exists(string protocol |
+  private class NodeHttpUrlRequest extends CustomClientRequest, NodeJSClientRequest {
+
+    DataFlow::Node url;
+
+    NodeHttpUrlRequest() {
+      exists (string moduleName, DataFlow::SourceNode callee |
+        this = callee.getACall() |
+        (moduleName = "http" or moduleName = "https") and
         (
-          protocol = "http" or
-          protocol = "https"
-        )
-        and
-        this = DataFlow::moduleImport(protocol).getAMemberCall("request")
+          callee = DataFlow::moduleMember(moduleName, any(HTTP::RequestMethodName m).toLowerCase())
+          or
+          callee = DataFlow::moduleMember(moduleName, "request")
+        ) and
+        url = getArgument(0)
       )
     }
-    
-    override DataFlow::Node getOptions() {
-      result = this.(DataFlow::MethodCallNode).getArgument(0)
-    }
-  }
-  
-  /**
-   * A data flow node that is an HTTP or HTTPS client request made by a Node.js process, for example `https.get(url)`.
-   */
-  private class HttpGet extends ClientRequest {
-    HttpGet() {
-      exists(string protocol |
-        (
-          protocol = "http" or
-          protocol = "https"
-        )
-        and
-        this = DataFlow::moduleImport(protocol).getAMemberCall("get")
-      )
+
+    override DataFlow::Node getUrl() {
+      result = url
     }
-    
+
     override DataFlow::Node getOptions() {
       result = this.(DataFlow::MethodCallNode).getArgument(0)
     }
@@ -556,13 +546,13 @@ module NodeJSLib {
    */
   private class ClientRequestCallbackParam extends DataFlow::ParameterNode, RemoteFlowSource {
     ClientRequestCallbackParam() {
-      exists(ClientRequest req |
+      exists(NodeJSClientRequest req |
         this = req.(DataFlow::MethodCallNode).getCallback(1).getParameter(0)
       )
     }
 
     override string getSourceType() {
-      result = "ClientRequest callback parameter"
+      result = "NodeJSClientRequest callback parameter"
     }
   }
 
@@ -589,7 +579,7 @@ module NodeJSLib {
    */
   class ClientRequestHandler extends DataFlow::FunctionNode {
     string handledEvent;
-    ClientRequest clientRequest;
+    NodeJSClientRequest clientRequest;
 
     ClientRequestHandler() {
       exists(DataFlow::MethodCallNode mcn |
@@ -609,7 +599,7 @@ module NodeJSLib {
     /**
      * Gets a request this callback is registered for.
      */
-    ClientRequest getClientRequest() {
+    NodeJSClientRequest getClientRequest() {
       result = clientRequest
     }
   }
@@ -626,7 +616,7 @@ module NodeJSLib {
     }
 
     override string getSourceType() {
-      result = "ClientRequest response event"
+      result = "NodeJSClientRequest response event"
     }
   }
 
@@ -643,7 +633,7 @@ module NodeJSLib {
     }
 
     override string getSourceType() {
-      result = "ClientRequest data event"
+      result = "NodeJSClientRequest data event"
     }
   }
 
@@ -667,7 +657,7 @@ module NodeJSLib {
     }
 
     override string getSourceType() {
-      result = "ClientRequest login event"
+      result = "NodeJSClientRequest login event"
     }
   }
 
@@ -725,7 +715,7 @@ module NodeJSLib {
     }
 
     override string getSourceType() {
-      result = "ClientRequest error event"
+      result = "NodeJSClientRequest error event"
     }
   }
 }

javascript/ql/src/semmle/javascript/frameworks/UrlRequests.qll

@@ -1,16 +1,16 @@
 /**
- * Provides classes for modelling URL requests.
+ * Provides classes for modelling the client-side of a URL request.
  *
- * Subclass `UrlRequest` to refine the behavior of the analysis on existing URL requests.
- * Subclass `CustomUrlRequest` to introduce new kinds of URL requests.
+ * Subclass `ClientRequest` to refine the behavior of the analysis on existing client requests.
+ * Subclass `CustomClientRequest` to introduce new kinds of client requests.
  */
 
 import javascript
 
 /**
  * A call that performs a request to a URL.
  */
-class CustomUrlRequest extends DataFlow::CallNode {
+class CustomClientRequest extends DataFlow::CallNode {
 
   /**
    * Gets the URL of the request.
@@ -21,11 +21,11 @@ class CustomUrlRequest extends DataFlow::CallNode {
 /**
  * A call that performs a request to a URL.
  */
-class UrlRequest extends DataFlow::CallNode {
+class ClientRequest extends DataFlow::CallNode {
 
-  CustomUrlRequest custom;
+  CustomClientRequest custom;
 
-  UrlRequest() {
+  ClientRequest() {
     this = custom
   }
 
@@ -55,7 +55,7 @@ private string urlPropertyName() {
 /**
  * A model of a URL request in the `request` library.
  */
-private class RequestUrlRequest extends CustomUrlRequest {
+private class RequestUrlRequest extends CustomClientRequest {
 
   DataFlow::Node url;
 
@@ -88,7 +88,7 @@ private class RequestUrlRequest extends CustomUrlRequest {
 /**
  * A model of a URL request in the `axios` library.
  */
-private class AxiosUrlRequest extends CustomUrlRequest {
+private class AxiosUrlRequest extends CustomClientRequest {
 
   DataFlow::Node url;
 
@@ -117,7 +117,7 @@ private class AxiosUrlRequest extends CustomUrlRequest {
 /**
  * A model of a URL request in an implementation of the `fetch` API.
  */
-private class FetchUrlRequest extends CustomUrlRequest {
+private class FetchUrlRequest extends CustomClientRequest {
 
   DataFlow::Node url;
 
@@ -145,38 +145,10 @@ private class FetchUrlRequest extends CustomUrlRequest {
 
 }
 
-
-/**
- * A model of a URL request in the Node.js `http` library.
- */
-private class NodeHttpUrlRequest extends CustomUrlRequest {
-
-  DataFlow::Node url;
-
-  NodeHttpUrlRequest() {
-    exists (string moduleName, DataFlow::SourceNode callee |
-      this = callee.getACall() |
-      (moduleName = "http" or moduleName = "https") and
-      (
-        callee = DataFlow::moduleMember(moduleName, httpMethodName())
-        or
-        callee = DataFlow::moduleMember(moduleName, "request") 
-      ) and
-      url = getArgument(0)
-    )
-  }
-
-  override DataFlow::Node getUrl() {
-    result = url
-  }
-
-}
-
-
 /**
  * A model of a URL request in the `got` library.
  */
-private class GotUrlRequest extends CustomUrlRequest {
+private class GotUrlRequest extends CustomClientRequest {
 
   DataFlow::Node url;
 
@@ -201,7 +173,7 @@ private class GotUrlRequest extends CustomUrlRequest {
 /**
  * A model of a URL request in the `superagent` library.
  */
-private class SuperAgentUrlRequest extends CustomUrlRequest {
+private class SuperAgentUrlRequest extends CustomClientRequest {
 
   DataFlow::Node url;
 

javascript/ql/src/semmle/javascript/security/dataflow/RequestForgery.qll

@@ -68,11 +68,11 @@ module RequestForgery {
   /**
    * The URL of a URL request, viewed as a sink for request forgery.
    */
-  private class UrlRequestUrlAsSink extends Sink {
+  private class ClientRequestUrlAsSink extends Sink {
 
-    UrlRequest request;
+    ClientRequest request;
 
-    UrlRequestUrlAsSink() {
+    ClientRequestUrlAsSink() {
       this = request.getUrl()
     }
 

javascript/ql/test/library-tests/frameworks/Electron/ClientRequest.ql

@@ -1,4 +1,4 @@
 import javascript
 
-from NodeJSLib::ClientRequest cr
+from Electron::ElectronClientRequest cr
 select cr

javascript/ql/test/library-tests/frameworks/NodeJSLib/ClientRequest.ql

@@ -1,4 +1,4 @@
 import javascript
 
-from NodeJSLib::ClientRequest cr
+from NodeJSLib::NodeJSClientRequest cr
 select cr

javascript/ql/test/library-tests/frameworks/UrlRequests/UrlRequest.ql

@@ -1,4 +1,4 @@
 import javascript
 
-from UrlRequest r
+from ClientRequest r
 select r, r.getUrl()