Merge pull request #2169 from erik-krogh/importMeta

asger-semmle · web-flow · commit 7dd746328805 · 2019-10-24T11:20:04.000+01:00
JS: add initial support for import.meta expressions in TypeScript
diff --git a/change-notes/1.23/analysis-javascript.md b/change-notes/1.23/analysis-javascript.md
@@ -12,6 +12,9 @@
 
 * The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.
 
+* TypeScript 3.6 features are supported.
+
+
 ## New queries
 
 | **Query**                                                                 | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
diff --git a/javascript/extractor/lib/typescript/src/main.ts b/javascript/extractor/lib/typescript/src/main.ts
@@ -162,10 +162,10 @@ function prepareNextFile() {
     }
 }
 
-function handleParseCommand(command: ParseCommand) {
+function handleParseCommand(command: ParseCommand, checkPending = true) {
     let filename = command.filename;
     let expectedFilename = state.pendingFiles[state.pendingFileIndex];
-    if (expectedFilename !== filename) {
+    if (expectedFilename !== filename && checkPending) {
         throw new Error("File requested out of order. Expected '" + expectedFilename + "' but got '" + filename + "'");
     }
     ++state.pendingFileIndex;
@@ -515,13 +515,13 @@ if (process.argv.length > 2) {
             handleParseCommand({
                 command: "parse",
                 filename: sf.fileName,
-            });
+            }, false);
         }
     } else if (pathlib.extname(argument) === ".ts" || pathlib.extname(argument) === ".tsx") {
         handleParseCommand({
             command: "parse",
             filename: argument,
-        });
+        }, false);
     } else {
         console.error("Unrecognized file or flag: " + argument);
     }
diff --git a/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java b/javascript/extractor/src/com/semmle/js/extractor/ExprKinds.java
@@ -249,6 +249,7 @@ public Integer visit(ComprehensionBlock nd, Void q) {
               @Override
               public Integer visit(MetaProperty nd, Void c) {
                 if (nd.getMeta().getName().equals("new")) return 82; // @newtargetexpr
+                if (nd.getMeta().getName().equals("import")) return 115; // @importmetaexpr
                 return 93; // @functionsentexpr
               }
 
diff --git a/javascript/extractor/src/com/semmle/js/parser/TypeScriptASTConverter.java b/javascript/extractor/src/com/semmle/js/parser/TypeScriptASTConverter.java
@@ -1584,10 +1584,12 @@ private Node convertMappedType(JsonObject node, SourceLocation loc) throws Parse
 
   private Node convertMetaProperty(JsonObject node, SourceLocation loc) throws ParseError {
     Position metaStart = loc.getStart();
+    String keywordKind = syntaxKinds.get(node.getAsJsonPrimitive("keywordToken").getAsInt() + "").getAsString();
+    String identifier = keywordKind.equals("ImportKeyword") ? "import" : "new";
     Position metaEnd =
-        new Position(metaStart.getLine(), metaStart.getColumn() + 3, metaStart.getOffset() + 3);
-    SourceLocation metaLoc = new SourceLocation("new", metaStart, metaEnd);
-    Identifier meta = new Identifier(metaLoc, "new");
+        new Position(metaStart.getLine(), metaStart.getColumn() + identifier.length(), metaStart.getOffset() + identifier.length());
+    SourceLocation metaLoc = new SourceLocation(identifier, metaStart, metaEnd);
+    Identifier meta = new Identifier(metaLoc, identifier);
     return new MetaProperty(loc, meta, convertChild(node, "name"));
   }
 
diff --git a/javascript/ql/src/semmle/javascript/ES2015Modules.qll b/javascript/ql/src/semmle/javascript/ES2015Modules.qll
@@ -641,4 +641,4 @@ class OriginalExportDeclaration extends ExportDeclaration {
     result = this.(ExportDefaultDeclaration).getSourceNode(name) or
     result = this.(ExportNamedDeclaration).getSourceNode(name)
   }
-}
+}
diff --git a/javascript/ql/src/semmle/javascript/Expr.qll b/javascript/ql/src/semmle/javascript/Expr.qll
@@ -2645,3 +2645,15 @@ class OptionalChainRoot extends ChainElem {
    */
   OptionalUse getAnOptionalUse() { result = optionalUse }
 }
+
+/**
+ * An `import.meta` expression.
+ *
+ * Example:
+ * ```js
+ * let url = import.meta.url;
+ * ```
+ */
+class ImportMetaExpr extends @importmetaexpr, Expr {
+  override predicate isImpure() { none() }
+}
diff --git a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -1415,6 +1415,8 @@ module DataFlow {
       or
       e instanceof NewTargetExpr
       or
+      e instanceof ImportMetaExpr
+      or
       e instanceof FunctionBindExpr
       or
       e instanceof TaggedTemplateExpr
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Sources.qll b/javascript/ql/src/semmle/javascript/dataflow/Sources.qll
@@ -235,7 +235,8 @@ module SourceNode {
         astNode instanceof FunctionSentExpr or
         astNode instanceof FunctionBindExpr or
         astNode instanceof DynamicImportExpr or
-        astNode instanceof ImportSpecifier
+        astNode instanceof ImportSpecifier or
+        astNode instanceof ImportMetaExpr
       )
       or
       DataFlow::parameterNode(this, _)
diff --git a/javascript/ql/src/semmlecode.javascript.dbscheme b/javascript/ql/src/semmlecode.javascript.dbscheme
@@ -349,6 +349,7 @@ case @expr.kind of
 | 112 = @e4x_xml_static_qualident
 | 113 = @e4x_xml_dynamic_qualident
 | 114 = @e4x_xml_dotdotexpr
+| 115 = @importmetaexpr
 ;
 
 @varaccess = @proper_varaccess | @export_varaccess;
@@ -1169,4 +1170,4 @@ extraction_data(
    varchar(900) cacheFile: string ref,
    boolean fromCache: boolean ref,
    int length: int ref
-)
+)
diff --git a/javascript/ql/src/semmlecode.javascript.dbscheme.stats b/javascript/ql/src/semmlecode.javascript.dbscheme.stats
@@ -514,6 +514,10 @@
 <v>1</v>
 </e>
 <e>
+<k>@importmetaexpr</k>
+<v>1</v>
+</e>
+<e>
 <k>@namedimportspecifier</k>
 <v>4</v>
 </e>
diff --git a/javascript/ql/test/library-tests/TypeScript/ImportMeta/test.expected b/javascript/ql/test/library-tests/TypeScript/ImportMeta/test.expected
@@ -0,0 +1 @@
+| tst.ts:7:9:7:19 | import.meta |
diff --git a/javascript/ql/test/library-tests/TypeScript/ImportMeta/test.ql b/javascript/ql/test/library-tests/TypeScript/ImportMeta/test.ql
@@ -0,0 +1,5 @@
+import javascript
+
+from Expr prop
+where prop instanceof ImportMetaExpr
+select prop
diff --git a/javascript/ql/test/library-tests/TypeScript/ImportMeta/tsconfig.json b/javascript/ql/test/library-tests/TypeScript/ImportMeta/tsconfig.json
@@ -0,0 +1,3 @@
+{
+  
+}
diff --git a/javascript/ql/test/library-tests/TypeScript/ImportMeta/tst.ts b/javascript/ql/test/library-tests/TypeScript/ImportMeta/tst.ts
@@ -0,0 +1,7 @@
+
+
+interface ImportMeta {
+  wellKnownProperty: { a: number, b: string, c: boolean };
+}
+
+var a = import.meta.wellKnownProperty.a;
diff --git a/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/old.dbscheme b/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/old.dbscheme
diff --git a/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/semmlecode.javascript.dbscheme b/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/semmlecode.javascript.dbscheme
diff --git a/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/upgrade.properties b/javascript/upgrades/ab0dab3b55b386f366e9904e10139edebca0495c/upgrade.properties

Original file line number	Diff line number	Diff line change
`@@ -162,10 +162,10 @@ function prepareNextFile() {`
`162`	`162`	`}`
`163`	`163`	`}`
`164`	`164`
`165`		`-function handleParseCommand(command: ParseCommand) {`
	`165`	`+function handleParseCommand(command: ParseCommand, checkPending = true) {`
`166`	`166`	`let filename = command.filename;`
`167`	`167`	`let expectedFilename = state.pendingFiles[state.pendingFileIndex];`
`168`		`- if (expectedFilename !== filename) {`
	`168`	`+ if (expectedFilename !== filename && checkPending) {`
`169`	`169`	`throw new Error("File requested out of order. Expected '" + expectedFilename + "' but got '" + filename + "'");`
`170`	`170`	`}`
`171`	`171`	`++state.pendingFileIndex;`
`@@ -515,13 +515,13 @@ if (process.argv.length > 2) {`
`515`	`515`	`handleParseCommand({`
`516`	`516`	`command: "parse",`
`517`	`517`	`filename: sf.fileName,`
`518`		`- });`
	`518`	`+ }, false);`
`519`	`519`	`}`
`520`	`520`	`} else if (pathlib.extname(argument) === ".ts" \|\| pathlib.extname(argument) === ".tsx") {`
`521`	`521`	`handleParseCommand({`
`522`	`522`	`command: "parse",`
`523`	`523`	`filename: argument,`
`524`		`- });`
	`524`	`+ }, false);`
`525`	`525`	`} else {`
`526`	`526`	`console.error("Unrecognized file or flag: " + argument);`
`527`	`527`	`}`
Original file line number	Diff line number	Diff line change
`@@ -249,6 +249,7 @@ public Integer visit(ComprehensionBlock nd, Void q) {`
`249`	`249`	`@Override`
`250`	`250`	`public Integer visit(MetaProperty nd, Void c) {`
`251`	`251`	`if (nd.getMeta().getName().equals("new")) return 82; // @newtargetexpr`
	`252`	`+ if (nd.getMeta().getName().equals("import")) return 115; // @importmetaexpr`
`252`	`253`	`return 93; // @functionsentexpr`
`253`	`254`	`}`
`254`	`255`
Original file line number	Diff line number	Diff line change
`@@ -641,4 +641,4 @@ class OriginalExportDeclaration extends ExportDeclaration {`
`641`	`641`	`result = this.(ExportDefaultDeclaration).getSourceNode(name) or`
`642`	`642`	`result = this.(ExportNamedDeclaration).getSourceNode(name)`
`643`	`643`	`}`
`644`		`-}`
	`644`	`+}`