JavaScript: Recognize imports from TypeScript type annotations

Author: emarteca

javascript/ql/src/semmle/javascript/TypeScript.qll

@@ -542,13 +542,13 @@ class TypeExpr extends ExprOrType, @typeexpr, TypeAnnotation {
    * without type information.
    */
   override Type getType() { ast_node_type(this, result) }
-  
+
   override Stmt getEnclosingStmt() { result = ExprOrType.super.getEnclosingStmt() }
-  
+
   override Function getEnclosingFunction() { result = ExprOrType.super.getEnclosingFunction() }
-  
+
   override StmtContainer getContainer() { result = ExprOrType.super.getContainer() }
-  
+
   override TopLevel getTopLevel() { result = ExprOrType.super.getTopLevel() }
 }
 
@@ -1474,6 +1474,44 @@ class ExternalModuleScope extends @externalmodulescope, Scope {
   override string toString() { result = "external module scope" }
 }
 
+/**
+ * A reference to a global variable for which there is a
+ * TypeScript type annotation suggesting that it contains
+ * the namespace object of a module.
+ *
+ * For example:
+ * ```
+ * import * as net_outer from "net"
+ * declare global {
+ * 		var net: typeof net_outer
+ * }
+ *
+ * var s = net.createServer(); // this reference to net is an import
+ * ```
+ */
+class TSGlobalDeclImport extends DataFlow::ModuleImportNode::Range {
+  string path;
+
+  TSGlobalDeclImport() {
+    exists(
+      GlobalVariable gv, VariableDeclarator vd, TypeofTypeExpr tt, LocalVarTypeAccess pkg,
+      BulkImportDeclaration i
+    |
+      // gv is declared with type "typeof pkg"
+      vd.getBindingPattern() = gv.getADeclaration() and
+      tt = vd.getTypeAnnotation() and
+      pkg = tt.getExpressionName() and
+      // then, check pkg is imported as "import * as pkg from path"
+      i.getLocal().getVariable() = pkg.getVariable() and
+      path = i.getImportedPath().getValue() and
+      // finally, "this" needs to be a reference to gv
+      this = DataFlow::exprNode(gv.getAnAccess())
+    )
+  }
+
+  override string getPath() { result = path }
+}
+
 /**
  * A TypeScript comment of one of the two forms:
  * ```

javascript/ql/test/library-tests/ModuleImportNodes/TSGlobalImport.expected

@@ -0,0 +1,19 @@
+| amd1.js:1:25:1:26 | fs | fs |
+| amd2.js:2:12:2:24 | require('fs') | fs |
+| client1.ts:4:28:4:29 | F1 | framework1 |
+| client1.ts:6:9:6:11 | net | net |
+| client2.ts:4:28:4:29 | F2 | framework2 |
+| client2_lazy.ts:4:28:4:29 | F2 | framework2 |
+| declare-module-client2.ts:3:1:3:22 | import  ...  'foo'; | foo |
+| declare-module-client.ts:3:1:3:22 | import  ...  'foo'; | foo |
+| destructuringES6.js:1:1:1:41 | import  ... ctron'; | electron |
+| destructuringRequire.js:1:27:1:45 | require('electron') | electron |
+| instanceThroughDefaultImport.js:1:1:1:82 | import  ... tance'; | myDefaultImportedModuleInstance |
+| instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName | myDefaultImportedModuleInstance |
+| instanceThroughNamespaceImport.js:1:8:1:49 | myNamespaceImportedModuleInstanceName | myNamespaceImportedModuleInstance |
+| instanceThroughRequire.js:1:36:1:70 | require ... tance') | myRequiredModuleInstance |
+| moduleUses.js:1:11:1:24 | require('mod') | mod |
+| process2.js:1:1:1:13 | require('fs') | fs |
+| process2.js:2:10:2:16 | process | process |
+| process.js:1:10:1:27 | require('process') | process |
+| process.js:2:10:2:23 | global.process | process |

javascript/ql/test/library-tests/ModuleImportNodes/TSGlobalImport.ql

@@ -0,0 +1,5 @@
+import javascript
+
+// this will catch the new import style
+from DataFlow::ModuleImportNode m
+select m, m.getPath()

javascript/ql/test/library-tests/ModuleImportNodes/client1.ts

@@ -0,0 +1,6 @@
+// <reference path="framework1.d.ts" />
+//import * as F from 'framework1';
+
+var a : F1.Component = new F1.Component();
+var b : Util.DefaultComponent = new Util.DefaultComponent();
+var s = net.createServer();

javascript/ql/test/library-tests/ModuleImportNodes/client2.ts

@@ -0,0 +1,5 @@
+// <reference types="framework2" />
+//import * as F from 'framework2';
+
+var a : F2.Component = new F2.Component();
+var b : Util2.DefaultComponent = new Util2.DefaultComponent();

javascript/ql/test/library-tests/ModuleImportNodes/client2_lazy.ts

@@ -0,0 +1,5 @@
+// TypeScript finds the "framework2/index.d.ts" file even without the reference comment.
+//import * as F from 'framework2';
+
+var a : F2.Component = new F2.Component();
+var b : Util2.DefaultComponent = new Util2.DefaultComponent();

javascript/ql/test/library-tests/ModuleImportNodes/declare-module-client.ts

@@ -0,0 +1,5 @@
+/// <reference path="declare-module.d.ts"/>
+
+import {C} from 'foo';
+
+var x: C;

javascript/ql/test/library-tests/ModuleImportNodes/declare-module-client2.ts

@@ -0,0 +1,5 @@
+/// <reference path="./declare-module.d.ts"/>
+
+import {C} from 'foo';
+
+var x: C;

javascript/ql/test/library-tests/ModuleImportNodes/declare-module.d.ts

@@ -0,0 +1,3 @@
+declare module "foo" {
+  class C {}
+}

javascript/ql/test/library-tests/ModuleImportNodes/decls.ts

@@ -0,0 +1,10 @@
+// <reference types="framework2" />
+import * as F1_outer from 'framework1';
+import * as F2_outer from 'framework2';
+import * as net_outer from "net";
+
+declare global {
+	var F1: typeof F1_outer
+	var F2: typeof F2_outer
+	var net: typeof net_outer
+}