Merge pull request #925 from asger-semmle/closure-reorg

Approved by xiemaisi

Author: semmle-qlci

javascript/ql/src/semmle/javascript/Closure.qll

@@ -6,103 +6,142 @@ import javascript
 
 module Closure {
   /**
-   * A call to a function in the `goog` namespace such as `goog.provide` or `goog.load`.
+   * A reference to a Closure namespace.
    */
-  class GoogFunctionCall extends CallExpr {
-    GoogFunctionCall() {
-      exists(GlobalVariable gv | gv.getName() = "goog" |
-        this.getCallee().(DotExpr).getBase() = gv.getAnAccess()
-      )
-    }
+  class ClosureNamespaceRef extends DataFlow::Node {
+    ClosureNamespaceRef::Range range;
+
+    ClosureNamespaceRef() { this = range }
 
-    /** Gets the name of the invoked function. */
-    string getFunctionName() { result = getCallee().(DotExpr).getPropertyName() }
+    /**
+     * Gets the namespace being referenced.
+     */
+    string getClosureNamespace() { result = range.getClosureNamespace() }
+  }
+
+  module ClosureNamespaceRef {
+    /**
+     * A reference to a Closure namespace.
+     *
+     * Can be subclassed to classify additional nodes as namespace references.
+     */
+    abstract class Range extends DataFlow::Node {
+      /**
+       * Gets the namespace being referenced.
+       */
+      abstract string getClosureNamespace();
+    }
   }
 
   /**
-   * An expression statement consisting of a call to a function
-   * in the `goog` namespace.
+   * A data flow node that returns the value of a closure namespace.
    */
-  class GoogFunctionCallStmt extends ExprStmt {
-    GoogFunctionCallStmt() { super.getExpr() instanceof GoogFunctionCall }
-
-    override GoogFunctionCall getExpr() { result = super.getExpr() }
+  class ClosureNamespaceAccess extends ClosureNamespaceRef {
+    override ClosureNamespaceAccess::Range range;
+  }
 
-    /** Gets the name of the invoked function. */
-    string getFunctionName() { result = getExpr().getFunctionName() }
+  module ClosureNamespaceAccess {
+    /**
+     * A data flow node that returns the value of a closure namespace.
+     *
+     * Can be subclassed to classify additional nodes as namespace accesses.
+     */
+    abstract class Range extends ClosureNamespaceRef::Range { }
+  }
 
-    /** Gets the `i`th argument to the invoked function. */
-    Expr getArgument(int i) { result = getExpr().getArgument(i) }
+  /**
+   * A call to a method on the `goog.` namespace, as a closure reference.
+   */
+  abstract private class DefaultNamespaceRef extends DataFlow::MethodCallNode,
+    ClosureNamespaceRef::Range {
+    DefaultNamespaceRef() { this = DataFlow::globalVarRef("goog").getAMethodCall() }
 
-    /** Gets an argument to the invoked function. */
-    Expr getAnArgument() { result = getArgument(_) }
+    override string getClosureNamespace() { result = getArgument(0).asExpr().getStringValue() }
   }
 
-  abstract private class GoogNamespaceRef extends ExprOrStmt {
-    abstract string getNamespaceId();
+  /**
+   * Holds if `node` is the data flow node corresponding to the expression in
+   * a top-level expression statement.
+   */
+  private predicate isTopLevelExpr(DataFlow::Node node) {
+    node.getTopLevel().getAChildStmt().(ExprStmt).getExpr().flow() = node
   }
 
   /**
-   * A call to `goog.provide`.
+   * A top-level call to `goog.provide`.
    */
-  class GoogProvide extends GoogFunctionCallStmt, GoogNamespaceRef {
-    GoogProvide() { getFunctionName() = "provide" }
+  private class DefaultClosureProvideCall extends DefaultNamespaceRef {
+    DefaultClosureProvideCall() {
+      getMethodName() = "provide" and
+      isTopLevelExpr(this)
+    }
+  }
 
-    /** Gets the identifier of the namespace created by this call. */
-    override string getNamespaceId() { result = getArgument(0).getStringValue() }
+  /**
+   * A top-level call to `goog.provide`.
+   */
+  class ClosureProvideCall extends ClosureNamespaceRef, DataFlow::MethodCallNode {
+    override DefaultClosureProvideCall range;
   }
 
   /**
    * A call to `goog.require`.
    */
-  class GoogRequire extends GoogFunctionCall, GoogNamespaceRef {
-    GoogRequire() { getFunctionName() = "require" }
-
-    /** Gets the identifier of the namespace imported by this call. */
-    override string getNamespaceId() { result = getArgument(0).getStringValue() }
+  private class DefaultClosureRequireCall extends DefaultNamespaceRef, ClosureNamespaceAccess::Range {
+    DefaultClosureRequireCall() { getMethodName() = "require" }
   }
 
-  private class GoogRequireImport extends GoogRequire, Import {
-    /** Gets the module in which this import appears. */
-    override Module getEnclosingModule() { result = getTopLevel() }
-
-    /** Gets the (unresolved) path that this import refers to. */
-    override PathExpr getImportedPath() { result = getArgument(0) }
+  /**
+   * A call to `goog.require`.
+   */
+  class ClosureRequireCall extends ClosureNamespaceAccess, DataFlow::MethodCallNode {
+    override DefaultClosureRequireCall range;
   }
 
   /**
-   * A call to `goog.module` or `goog.declareModuleId`.
+   * A top-level call to `goog.module` or `goog.declareModuleId`.
    */
-  class GoogModuleDeclaration extends GoogFunctionCallStmt, GoogNamespaceRef {
-    GoogModuleDeclaration() {
-      getFunctionName() = "module" or
-      getFunctionName() = "declareModuleId"
+  private class DefaultClosureModuleDeclaration extends DefaultNamespaceRef {
+    DefaultClosureModuleDeclaration() {
+      (getMethodName() = "module" or getMethodName() = "declareModuleId") and
+      isTopLevelExpr(this)
     }
+  }
 
-    /** Gets the identifier of the namespace imported by this call. */
-    override string getNamespaceId() { result = getArgument(0).getStringValue() }
+  /**
+   * A top-level call to `goog.module` or `goog.declareModuleId`.
+   */
+  class ClosureModuleDeclaration extends ClosureNamespaceRef, DataFlow::MethodCallNode {
+    override DefaultClosureModuleDeclaration range;
   }
 
   /**
    * A module using the Closure module system, declared using `goog.module()` or `goog.declareModuleId()`.
    */
   class ClosureModule extends Module {
-    ClosureModule() { getAChildStmt() instanceof GoogModuleDeclaration }
+    ClosureModule() {
+      // Use AST-based predicate to cut recursive dependencies.
+      exists(MethodCallExpr call |
+        getAStmt().(ExprStmt).getExpr() = call and
+        call.getReceiver().(GlobalVarAccess).getName() = "goog" and
+        (call.getMethodName() = "module" or call.getMethodName() = "declareModuleId")
+      )
+    }
 
     /**
      * Gets the call to `goog.module` or `goog.declareModuleId` in this module.
      */
-    GoogModuleDeclaration getModuleDeclaration() { result = getAChildStmt() }
+    ClosureModuleDeclaration getModuleDeclaration() { result.getTopLevel() = this }
 
     /**
      * Gets the namespace of this module.
      */
-    string getNamespaceId() { result = getModuleDeclaration().getNamespaceId() }
+    string getClosureNamespace() { result = getModuleDeclaration().getClosureNamespace() }
 
     override Module getAnImportedModule() {
-      exists(GoogRequireImport imprt |
-        imprt.getEnclosingModule() = this and
-        result.(ClosureModule).getNamespaceId() = imprt.getNamespaceId()
+      exists(ClosureRequireCall imprt |
+        imprt.getTopLevel() = this and
+        result.(ClosureModule).getClosureNamespace() = imprt.getClosureNamespace()
       )
     }
 
@@ -115,7 +154,7 @@ module Closure {
      * Has no result for ES6 modules using `goog.declareModuleId`.
      */
     Variable getExportsVariable() {
-      getModuleDeclaration().getFunctionName() = "module" and
+      getModuleDeclaration().getMethodName() = "module" and
       result = getScope().getVariable("exports")
     }
 
@@ -139,42 +178,52 @@ module Closure {
   class ClosureScript extends TopLevel {
     ClosureScript() {
       not this instanceof ClosureModule and
-      getAChildStmt() instanceof GoogProvide
-      or
-      getAChildStmt().(ExprStmt).getExpr() instanceof GoogRequire
+      (
+        any(ClosureProvideCall provide).getTopLevel() = this
+        or
+        any(ClosureRequireCall require).getTopLevel() = this
+      )
     }
 
     /** Gets the identifier of a namespace required by this module. */
     string getARequiredNamespace() {
-      result = getAChildStmt().(ExprStmt).getExpr().(GoogRequire).getNamespaceId()
+      exists(ClosureRequireCall require |
+        require.getTopLevel() = this and
+        result = require.getClosureNamespace()
+      )
     }
 
     /** Gets the identifer of a namespace provided by this module. */
-    string getAProvidedNamespace() { result = getAChildStmt().(GoogProvide).getNamespaceId() }
+    string getAProvidedNamespace() {
+      exists(ClosureProvideCall require |
+        require.getTopLevel() = this and
+        result = require.getClosureNamespace()
+      )
+    }
   }
 
   /**
    * Holds if `name` is a closure namespace, including proper namespace prefixes.
    */
   pragma[noinline]
-  predicate isLibraryNamespacePath(string name) {
-    exists(string namespace | namespace = any(GoogNamespaceRef provide).getNamespaceId() |
+  predicate isClosureNamespace(string name) {
+    exists(string namespace | namespace = any(ClosureNamespaceRef ref).getClosureNamespace() |
       name = namespace.substring(0, namespace.indexOf("."))
       or
       name = namespace
     )
   }
 
   /**
-   * Gets the closure namespace path addressed by the given dataflow node, if any.
+   * Gets the closure namespace path addressed by the given data flow node, if any.
    */
-  string getLibraryAccessPath(DataFlow::SourceNode node) {
-    isLibraryNamespacePath(result) and
+  string getClosureNamespaceFromSourceNode(DataFlow::SourceNode node) {
+    isClosureNamespace(result) and
     node = DataFlow::globalVarRef(result)
     or
     exists(DataFlow::SourceNode base, string basePath, string prop |
-      basePath = getLibraryAccessPath(base) and
-      isLibraryNamespacePath(basePath) and
+      basePath = getClosureNamespaceFromSourceNode(base) and
+      isClosureNamespace(basePath) and
       node = base.getAPropertyRead(prop) and
       result = basePath + "." + prop
     )
@@ -184,21 +233,24 @@ module Closure {
     // foo.bar = { baz() {} }
     exists(DataFlow::PropWrite write |
       node = write.getRhs() and
-      result = getWrittenLibraryAccessPath(write)
+      result = getWrittenClosureNamespace(write)
     )
     or
-    result = node.asExpr().(GoogRequire).getNamespaceId()
+    result = node.(ClosureNamespaceAccess).getClosureNamespace()
   }
 
   /**
    * Gets the closure namespace path written to by the given property write, if any.
    */
-  string getWrittenLibraryAccessPath(DataFlow::PropWrite node) {
-    result = getLibraryAccessPath(node.getBase().getALocalSource()) + "." + node.getPropertyName()
+  string getWrittenClosureNamespace(DataFlow::PropWrite node) {
+    result = getClosureNamespaceFromSourceNode(node.getBase().getALocalSource()) + "." +
+        node.getPropertyName()
   }
 
   /**
-   * Gets a dataflow node that refers to the given value exported from a Closure module.
+   * Gets a data flow node that refers to the given value exported from a Closure module.
    */
-  DataFlow::SourceNode moduleImport(string moduleName) { getLibraryAccessPath(result) = moduleName }
+  DataFlow::SourceNode moduleImport(string moduleName) {
+    getClosureNamespaceFromSourceNode(result) = moduleName
+  }
 }

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -1113,7 +1113,7 @@ module DataFlow {
     or
     exists(GlobalVarAccess va |
       nd = valueNode(va.(VarUse)) and
-      if Closure::isLibraryNamespacePath(va.getName()) then cause = "heap" else cause = "global"
+      if Closure::isClosureNamespace(va.getName()) then cause = "heap" else cause = "global"
     )
     or
     exists(Expr e | e = nd.asExpr() and cause = "call" |

javascript/ql/src/semmle/javascript/dataflow/internal/InterModuleTypeInference.qll

@@ -377,11 +377,13 @@ private class AnalyzedClosureExportAssign extends AnalyzedPropertyWrite, DataFlo
 private class AnalyzedClosureGlobalAccessPath extends AnalyzedNode, AnalyzedPropertyRead {
   string accessPath;
 
-  AnalyzedClosureGlobalAccessPath() { accessPath = Closure::getLibraryAccessPath(this) }
+  AnalyzedClosureGlobalAccessPath() {
+    accessPath = Closure::getClosureNamespaceFromSourceNode(this)
+  }
 
   override AnalyzedNode localFlowPred() {
     exists(DataFlow::PropWrite write |
-      Closure::getWrittenLibraryAccessPath(write) = accessPath and
+      Closure::getWrittenClosureNamespace(write) = accessPath and
       result = write.getRhs()
     )
     or
@@ -390,7 +392,7 @@ private class AnalyzedClosureGlobalAccessPath extends AnalyzedNode, AnalyzedProp
 
   override predicate reads(AbstractValue base, string propName) {
     exists(Closure::ClosureModule mod |
-      mod.getNamespaceId() = accessPath and
+      mod.getClosureNamespace() = accessPath and
       base = TAbstractModuleObject(mod) and
       propName = "exports"
     )