JS: Migrate AngularJS.JQLiteObject

asger-semmle · asger-semmle · commit a224186faba8 · 2019-10-07T08:29:42.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
@@ -631,11 +631,11 @@ private class RouteParamSource extends RemoteFlowSource {
  * AngularJS expose a jQuery-like interface through `angular.html(..)`.
  * The interface may be backed by an actual jQuery implementation.
  */
-private class JQLiteObject extends JQueryObject {
+private class JQLiteObject extends JQuery::ObjectSource::Range {
   JQLiteObject() {
-    this = angular().getAMemberCall("element").asExpr()
+    this = angular().getAMemberCall("element")
     or
-    exists(SimpleParameter param |
+    exists(Parameter param | this = DataFlow::parameterNode(param) |
       // element parameters to user-functions invoked by AngularJS
       param = any(LinkFunction link).getElementParameter()
       or
@@ -652,15 +652,13 @@ private class JQLiteObject extends JQueryObject {
           param = f.getAstNode().(Function).getParameter(i)
         )
       )
-    |
-      this = param.getAnInitialUse()
     )
     or
     exists(ServiceReference element |
       element.getName() = "$rootElement" or
       element.getName() = "$document"
     |
-      this = element.getAnAccess()
+      this = element.getAReference()
     )
   }
 }
diff --git a/javascript/ql/src/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll b/javascript/ql/src/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
@@ -34,6 +34,13 @@ abstract class ServiceReference extends TServiceReference {
    */
   abstract string getName();
 
+  /**
+   * Gets a data flow node that may refer to this service.
+   */
+  DataFlow::SourceNode getAReference() {
+    result = DataFlow::parameterNode(any(ServiceRequest request).getDependencyParameter(this))
+  }
+
   /**
    * Gets an access to the referenced service.
    */

Original file line number	Diff line number	Diff line change
`@@ -631,11 +631,11 @@ private class RouteParamSource extends RemoteFlowSource {`
`631`	`631`	* AngularJS expose a jQuery-like interface through `angular.html(..)`.
`632`	`632`	`* The interface may be backed by an actual jQuery implementation.`
`633`	`633`	`*/`
`634`		`-private class JQLiteObject extends JQueryObject {`
	`634`	`+private class JQLiteObject extends JQuery::ObjectSource::Range {`
`635`	`635`	`JQLiteObject() {`
`636`		`- this = angular().getAMemberCall("element").asExpr()`
	`636`	`+ this = angular().getAMemberCall("element")`
`637`	`637`	`or`
`638`		`- exists(SimpleParameter param \|`
	`638`	`+ exists(Parameter param \| this = DataFlow::parameterNode(param) \|`
`639`	`639`	`// element parameters to user-functions invoked by AngularJS`
`640`	`640`	`param = any(LinkFunction link).getElementParameter()`
`641`	`641`	`or`
`@@ -652,15 +652,13 @@ private class JQLiteObject extends JQueryObject {`
`652`	`652`	`param = f.getAstNode().(Function).getParameter(i)`
`653`	`653`	`)`
`654`	`654`	`)`
`655`		`- \|`
`656`		`- this = param.getAnInitialUse()`
`657`	`655`	`)`
`658`	`656`	`or`
`659`	`657`	`exists(ServiceReference element \|`
`660`	`658`	`element.getName() = "$rootElement" or`
`661`	`659`	`element.getName() = "$document"`
`662`	`660`	`\|`
`663`		`- this = element.getAnAccess()`
	`661`	`+ this = element.getAReference()`
`664`	`662`	`)`
`665`	`663`	`}`
`666`	`664`	`}`