JS: add localFieldStep

Author: asger-semmle

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -1078,6 +1078,16 @@ module DataFlow {
     )
   }
 
+  /**
+   * Holds if there is a step from `pred` to `succ` through a field accessed through `this` in a class.
+   */
+  predicate localFieldStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists (ClassNode cls, string prop |
+      pred = cls.getAReceiverNode().getAPropertyWrite(prop).getRhs() and
+      succ = cls.getAReceiverNode().getAPropertyRead(prop)
+    )
+  }
+
   /**
    * Gets the data flow node representing the source of definition `def`, taking
    * flow through IIFE calls into account.

javascript/ql/test/library-tests/ClassNode/FieldStep.expected

@@ -0,0 +1,3 @@
+| tst2.js:3:14:3:14 | x | tst2.js:7:5:7:10 | this.x |
+| tst2.js:3:14:3:14 | x | tst2.js:8:25:8:30 | this.x |
+| tst2.js:3:14:3:14 | x | tst2.js:12:12:12:17 | this.x |

javascript/ql/test/library-tests/ClassNode/FieldStep.ql

@@ -0,0 +1,5 @@
+import javascript
+
+from DataFlow::Node pred, DataFlow::Node succ
+where DataFlow::localFieldStep(pred, succ)
+select pred, succ

javascript/ql/test/library-tests/ClassNode/InstanceMember.expected

@@ -1,4 +1,6 @@
 | namespace.js:5:32:5:44 | function() {} | Baz.method | method |
+| tst2.js:6:9:9:3 | () {\\n   ... .x;\\n  } | C.method | method |
+| tst2.js:11:13:13:3 | () {\\n   ... .x;\\n  } | C.getter | getter |
 | tst.js:4:17:4:21 | () {} | A.instanceMethod | method |
 | tst.js:7:6:7:10 | () {} | A.bar | method |
 | tst.js:9:10:9:14 | () {} | A.baz | getter |

javascript/ql/test/library-tests/ClassNode/InstanceMethod.expected

@@ -1,4 +1,5 @@
 | namespace.js:5:32:5:44 | function() {} | Baz.method |
+| tst2.js:6:9:9:3 | () {\\n   ... .x;\\n  } | C.method |
 | tst.js:4:17:4:21 | () {} | A.instanceMethod |
 | tst.js:7:6:7:10 | () {} | A.bar |
 | tst.js:17:19:17:31 | function() {} | B.foo |

javascript/ql/test/library-tests/ClassNode/getAReceiverNode.expected

@@ -0,0 +1,18 @@
+| namespace.js:3:15:3:31 | function Baz() {} | namespace.js:3:15:3:14 | this |
+| namespace.js:3:15:3:31 | function Baz() {} | namespace.js:5:32:5:31 | this |
+| tst2.js:1:1:14:1 | class C ... ;\\n  }\\n} | tst2.js:2:14:2:13 | this |
+| tst2.js:1:1:14:1 | class C ... ;\\n  }\\n} | tst2.js:6:9:6:8 | this |
+| tst2.js:1:1:14:1 | class C ... ;\\n  }\\n} | tst2.js:11:13:11:12 | this |
+| tst.js:3:1:10:1 | class A ... () {}\\n} | tst.js:3:9:3:8 | this |
+| tst.js:3:1:10:1 | class A ... () {}\\n} | tst.js:4:17:4:16 | this |
+| tst.js:3:1:10:1 | class A ... () {}\\n} | tst.js:7:6:7:5 | this |
+| tst.js:3:1:10:1 | class A ... () {}\\n} | tst.js:9:10:9:9 | this |
+| tst.js:13:1:13:21 | class A ... ds A {} | tst.js:13:20:13:19 | this |
+| tst.js:15:1:15:15 | function B() {} | tst.js:15:1:15:0 | this |
+| tst.js:15:1:15:15 | function B() {} | tst.js:17:19:17:18 | this |
+| tst.js:19:1:19:15 | function C() {} | tst.js:19:1:19:0 | this |
+| tst.js:19:1:19:15 | function C() {} | tst.js:21:19:21:18 | this |
+| tst.js:23:1:23:15 | function D() {} | tst.js:23:1:23:0 | this |
+| tst.js:23:1:23:15 | function D() {} | tst.js:25:13:25:12 | this |
+| tst.js:23:1:23:15 | function D() {} | tst.js:26:13:26:12 | this |
+| tst.js:23:1:23:15 | function D() {} | tst.js:27:4:27:3 | this |

javascript/ql/test/library-tests/ClassNode/getAReceiverNode.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from DataFlow::ClassNode cls
+select cls, cls.getAReceiverNode()

javascript/ql/test/library-tests/ClassNode/tst2.js

@@ -0,0 +1,14 @@
+class C {
+  constructor(x) {
+    this.x = x;
+  }
+
+  method() {
+    this.x;
+    let closure = () => this.x;
+  }
+
+  get getter() {
+    return this.x;
+  }
+}