JS: make Closure::moduleImport handle member access.

Author: asger-semmle

javascript/ql/src/semmle/javascript/Closure.qll

@@ -170,9 +170,11 @@ module Closure {
     isLibraryNamespacePath(result) and
     node = DataFlow::globalVarRef(result)
     or
-    isLibraryNamespacePath(result) and
-    exists(DataFlow::PropRead read | node = read |
-      result = getLibraryAccessPath(read.getBase().getALocalSource()) + "." + read.getPropertyName()
+    exists(DataFlow::SourceNode base, string basePath, string prop |
+      basePath = getLibraryAccessPath(base) and
+      isLibraryNamespacePath(basePath) and
+      node = base.getAPropertyRead(prop) and
+      result = basePath + "." + prop
     )
     or
     // Associate an access path with the immediate RHS of a store on a closure namespace.
@@ -194,16 +196,9 @@ module Closure {
   }
 
   /**
-   * Gets a dataflow node that refers to the given Closure module.
+   * Gets a dataflow node that refers to the given value exported from a Closure module.
    */
   DataFlow::SourceNode moduleImport(string moduleName) {
     getLibraryAccessPath(result) = moduleName
   }
-
-  /**
-   * Gets a dataflow node that refers to the given member of a Closure module.
-   */
-  DataFlow::SourceNode moduleMember(string moduleName, string memberName) {
-    result = moduleImport(moduleName).getAPropertyRead(memberName)
-  }
 }

javascript/ql/test/library-tests/Closure/Uri.expected

@@ -0,0 +1 @@
+| tests/uri.js:5:5:5:11 | net.Uri |

javascript/ql/test/library-tests/Closure/Uri.ql

@@ -0,0 +1,3 @@
+import javascript
+
+select Closure::moduleImport("goog.net.Uri")

javascript/ql/test/library-tests/Closure/moduleImport.expected

@@ -1,3 +1,59 @@
+| goog | tests/es6Module.js:1:1:1:4 | goog |
+| goog | tests/es6ModuleDefault.js:1:1:1:4 | goog |
+| goog | tests/globalModule.js:1:1:1:4 | goog |
+| goog | tests/globalModuleDefault.js:1:1:1:4 | goog |
+| goog | tests/googModule.js:1:1:1:4 | goog |
+| goog | tests/googModuleDefault.js:1:1:1:4 | goog |
+| goog | tests/requireFromEs6.js:3:20:3:23 | goog |
+| goog | tests/requireFromEs6.js:4:27:4:30 | goog |
+| goog | tests/requireFromEs6.js:6:17:6:20 | goog |
+| goog | tests/requireFromEs6.js:7:24:7:27 | goog |
+| goog | tests/requireFromEs6.js:9:18:9:21 | goog |
+| goog | tests/requireFromEs6.js:10:25:10:28 | goog |
+| goog | tests/requireFromGlobalModule.js:1:1:1:4 | goog |
+| goog | tests/requireFromGlobalModule.js:2:1:2:4 | goog |
+| goog | tests/requireFromGlobalModule.js:4:1:4:4 | goog |
+| goog | tests/requireFromGlobalModule.js:5:1:5:4 | goog |
+| goog | tests/requireFromGlobalModule.js:7:1:7:4 | goog |
+| goog | tests/requireFromGlobalModule.js:8:1:8:4 | goog |
+| goog | tests/requireFromGoogModule.js:1:1:1:4 | goog |
+| goog | tests/requireFromGoogModule.js:3:20:3:23 | goog |
+| goog | tests/requireFromGoogModule.js:4:27:4:30 | goog |
+| goog | tests/requireFromGoogModule.js:6:17:6:20 | goog |
+| goog | tests/requireFromGoogModule.js:7:24:7:27 | goog |
+| goog | tests/requireFromGoogModule.js:9:18:9:21 | goog |
+| goog | tests/requireFromGoogModule.js:10:25:10:28 | goog |
+| goog | tests/uri.js:1:1:1:4 | goog |
+| goog | tests/uri.js:3:11:3:14 | goog |
+| goog.declareModuleId | tests/es6Module.js:1:1:1:20 | goog.declareModuleId |
+| goog.declareModuleId | tests/es6ModuleDefault.js:1:1:1:20 | goog.declareModuleId |
+| goog.module | tests/googModule.js:1:1:1:11 | goog.module |
+| goog.module | tests/googModuleDefault.js:1:1:1:11 | goog.module |
+| goog.module | tests/requireFromGoogModule.js:1:1:1:11 | goog.module |
+| goog.module | tests/uri.js:1:1:1:11 | goog.module |
+| goog.net | tests/uri.js:3:11:3:34 | goog.re ... g.net') |
+| goog.net.Uri | tests/uri.js:5:5:5:11 | net.Uri |
+| goog.provide | tests/globalModule.js:1:1:1:12 | goog.provide |
+| goog.provide | tests/globalModuleDefault.js:1:1:1:12 | goog.provide |
+| goog.require | tests/requireFromEs6.js:3:20:3:31 | goog.require |
+| goog.require | tests/requireFromEs6.js:4:27:4:38 | goog.require |
+| goog.require | tests/requireFromEs6.js:6:17:6:28 | goog.require |
+| goog.require | tests/requireFromEs6.js:7:24:7:35 | goog.require |
+| goog.require | tests/requireFromEs6.js:9:18:9:29 | goog.require |
+| goog.require | tests/requireFromEs6.js:10:25:10:36 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:1:1:1:12 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:2:1:2:12 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:4:1:4:12 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:5:1:5:12 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:7:1:7:12 | goog.require |
+| goog.require | tests/requireFromGlobalModule.js:8:1:8:12 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:3:20:3:31 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:4:27:4:38 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:6:17:6:28 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:7:24:7:35 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:9:18:9:29 | goog.require |
+| goog.require | tests/requireFromGoogModule.js:10:25:10:36 | goog.require |
+| goog.require | tests/uri.js:3:11:3:22 | goog.require |
 | x | tests/globalModule.js:3:1:3:1 | x |
 | x | tests/globalModuleDefault.js:3:1:3:1 | x |
 | x | tests/requireFromGlobalModule.js:10:1:10:1 | x |
@@ -26,6 +82,9 @@
 | x.y.z.es6 | tests/requireFromGlobalModule.js:7:1:7:25 | goog.re ... z.es6') |
 | x.y.z.es6 | tests/requireFromGlobalModule.js:16:1:16:9 | x.y.z.es6 |
 | x.y.z.es6 | tests/requireFromGoogModule.js:6:17:6:41 | goog.re ... z.es6') |
+| x.y.z.es6.fun | tests/requireFromEs6.js:15:1:15:13 | es6Module.fun |
+| x.y.z.es6.fun | tests/requireFromGlobalModule.js:16:1:16:13 | x.y.z.es6.fun |
+| x.y.z.es6.fun | tests/requireFromGoogModule.js:15:1:15:13 | es6Module.fun |
 | x.y.z.es6default | tests/requireFromEs6.js:7:24:7:55 | goog.re ... fault') |
 | x.y.z.es6default | tests/requireFromGlobalModule.js:8:1:8:32 | goog.re ... fault') |
 | x.y.z.es6default | tests/requireFromGlobalModule.js:17:1:17:16 | x.y.z.es6default |
@@ -36,6 +95,9 @@
 | x.y.z.global | tests/requireFromGlobalModule.js:10:1:10:12 | x.y.z.global |
 | x.y.z.global | tests/requireFromGoogModule.js:3:20:3:47 | goog.re ... lobal') |
 | x.y.z.global.fun | tests/globalModule.js:4:6:4:10 | () {} |
+| x.y.z.global.fun | tests/requireFromEs6.js:12:1:12:16 | globalModule.fun |
+| x.y.z.global.fun | tests/requireFromGlobalModule.js:10:1:10:16 | x.y.z.global.fun |
+| x.y.z.global.fun | tests/requireFromGoogModule.js:12:1:12:16 | globalModule.fun |
 | x.y.z.globaldefault | tests/globalModuleDefault.js:3:23:3:39 | function fun() {} |
 | x.y.z.globaldefault | tests/requireFromEs6.js:4:27:4:61 | goog.re ... fault') |
 | x.y.z.globaldefault | tests/requireFromGlobalModule.js:2:1:2:35 | goog.re ... fault') |
@@ -45,6 +107,9 @@
 | x.y.z.goog | tests/requireFromGlobalModule.js:4:1:4:26 | goog.re ... .goog') |
 | x.y.z.goog | tests/requireFromGlobalModule.js:13:1:13:10 | x.y.z.goog |
 | x.y.z.goog | tests/requireFromGoogModule.js:9:18:9:43 | goog.re ... .goog') |
+| x.y.z.goog.fun | tests/requireFromEs6.js:18:1:18:14 | googModule.fun |
+| x.y.z.goog.fun | tests/requireFromGlobalModule.js:13:1:13:14 | x.y.z.goog.fun |
+| x.y.z.goog.fun | tests/requireFromGoogModule.js:18:1:18:14 | googModule.fun |
 | x.y.z.googdefault | tests/requireFromEs6.js:10:25:10:57 | goog.re ... fault') |
 | x.y.z.googdefault | tests/requireFromGlobalModule.js:5:1:5:33 | goog.re ... fault') |
 | x.y.z.googdefault | tests/requireFromGlobalModule.js:14:1:14:17 | x.y.z.googdefault |

javascript/ql/test/library-tests/Closure/moduleMember.expected

@@ -0,0 +1,5 @@
+goog.module('uritest');
+
+let net = goog.require('goog.net');
+
+new net.Uri();