Skip to content

Commit 96bf82e

Browse files
author
Max Schaefer
committed
JavaScript: Make new source-node classes in API graphs more general and more useful.
1 parent 95b6b16 commit 96bf82e

File tree

1 file changed

+27
-13
lines changed

1 file changed

+27
-13
lines changed

javascript/ql/src/semmle/javascript/ApiGraphs.qll

Lines changed: 27 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -561,15 +561,11 @@ module API {
561561
cached
562562
predicate use(TApiNode nd, DataFlow::Node ref) {
563563
exists(string m, Module mod | nd = MkModuleDef(m) and mod = importableModule(m) |
564-
ref = DataFlow::ssaDefinitionNode(SSA::implicitInit(mod.(NodeModule).getModuleVariable()))
565-
or
566-
ref = DataFlow::parameterNode(mod.(AmdModule).getDefine().getModuleParameter())
564+
ref.(ModuleAsSourceNode).getModule() = mod
567565
)
568566
or
569567
exists(string m, Module mod | nd = MkModuleExport(m) and mod = importableModule(m) |
570-
ref = DataFlow::ssaDefinitionNode(SSA::implicitInit(mod.(NodeModule).getExportsVariable()))
571-
or
572-
ref = DataFlow::parameterNode(mod.(AmdModule).getDefine().getExportsParameter())
568+
ref.(ExportsAsSourceNode).getModule() = mod
573569
or
574570
exists(DataFlow::Node base | use(MkModuleDef(m), base) |
575571
ref = trackUseNode(base).getAPropertyRead("exports")
@@ -796,13 +792,31 @@ private module Label {
796792
}
797793

798794
/**
799-
* A CommonJS `module` or `exports` variable, considered as a source node.
795+
* A CommonJS/AMD `module` variable, considered as a source node.
800796
*/
801-
private class AdditionalSourceNode extends DataFlow::SourceNode::Range {
802-
AdditionalSourceNode() {
803-
exists(NodeModule m, Variable v |
804-
v in [m.getModuleVariable(), m.getExportsVariable()] and
805-
this = DataFlow::ssaDefinitionNode(SSA::implicitInit(v))
806-
)
797+
private class ModuleAsSourceNode extends DataFlow::SourceNode::Range {
798+
Module m;
799+
800+
ModuleAsSourceNode() {
801+
this = DataFlow::ssaDefinitionNode(SSA::implicitInit(m.(NodeModule).getModuleVariable()))
802+
or
803+
this = DataFlow::parameterNode(m.(AmdModule).getDefine().getModuleParameter())
804+
}
805+
806+
Module getModule() { result = m }
807+
}
808+
809+
/**
810+
* A CommonJS/AMD `exports` variable, considered as a source node.
811+
*/
812+
private class ExportsAsSourceNode extends DataFlow::SourceNode::Range {
813+
Module m;
814+
815+
ExportsAsSourceNode() {
816+
this = DataFlow::ssaDefinitionNode(SSA::implicitInit(m.(NodeModule).getExportsVariable()))
817+
or
818+
this = DataFlow::parameterNode(m.(AmdModule).getDefine().getExportsParameter())
807819
}
820+
821+
Module getModule() { result = m }
808822
}

0 commit comments

Comments
 (0)