use Parameter instead of SimpleParameter in remaining route-handler models

Author: erik-krogh

javascript/ql/src/semmle/javascript/frameworks/Connect.qll

@@ -30,17 +30,17 @@ module Connect {
      *
      * `kind` is one of: "error", "request", "response", "next".
      */
-    abstract SimpleParameter getRouteHandlerParameter(string kind);
+    abstract Parameter getRouteHandlerParameter(string kind);
 
     /**
      * Gets the parameter of the route handler that contains the request object.
      */
-    SimpleParameter getRequestParameter() { result = getRouteHandlerParameter("request") }
+    Parameter getRequestParameter() { result = getRouteHandlerParameter("request") }
 
     /**
      * Gets the parameter of the route handler that contains the response object.
      */
-    SimpleParameter getResponseParameter() { result = getRouteHandlerParameter("response") }
+    Parameter getResponseParameter() { result = getRouteHandlerParameter("response") }
   }
 
   /**
@@ -51,7 +51,7 @@ module Connect {
 
     StandardRouteHandler() { this = any(RouteSetup setup).getARouteHandler() }
 
-    override SimpleParameter getRouteHandlerParameter(string kind) {
+    override Parameter getRouteHandlerParameter(string kind) {
       result = getRouteHandlerParameter(astNode, kind)
     }
   }
@@ -180,7 +180,7 @@ module Connect {
     HTTP::Servers::StandardRouteHandler, DataFlow::FunctionNode {
     TrackedRouteHandlerCandidateWithSetup() { this = any(RouteSetup s).getARouteHandler() }
 
-    override SimpleParameter getRouteHandlerParameter(string kind) {
+    override Parameter getRouteHandlerParameter(string kind) {
       result = getRouteHandlerParameter(astNode, kind)
     }
   }

javascript/ql/src/semmle/javascript/frameworks/Firebase.qll

@@ -223,7 +223,7 @@ module Firebase {
 
       RouteHandler() { this = any(RouteSetup setup).getARouteHandler() }
 
-      override SimpleParameter getRouteHandlerParameter(string kind) {
+      override Parameter getRouteHandlerParameter(string kind) {
         kind = "request" and result = astNode.getParameter(0)
         or
         kind = "response" and result = astNode.getParameter(1)

javascript/ql/src/semmle/javascript/frameworks/Hapi.qll

@@ -30,7 +30,7 @@ module Hapi {
     /**
      * Gets the parameter of the route handler that contains the request object.
      */
-    SimpleParameter getRequestParameter() { result = function.getParameter(0) }
+    Parameter getRequestParameter() { result = function.getParameter(0) }
   }
 
   /**

javascript/ql/src/semmle/javascript/frameworks/Koa.qll

@@ -47,7 +47,7 @@ module Koa {
     /**
      * Gets the parameter of the route handler that contains the context object.
      */
-    SimpleParameter getContextParameter() { result = function.getParameter(0) }
+    Parameter getContextParameter() { result = function.getParameter(0) }
 
     /**
      * Gets an expression that contains the "context" object of

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -91,12 +91,12 @@ module NodeJSLib {
     /**
      * Gets the parameter of the route handler that contains the request object.
      */
-    SimpleParameter getRequestParameter() { result = getFunction().getParameter(0) }
+    Parameter getRequestParameter() { result = getFunction().getParameter(0) }
 
     /**
      * Gets the parameter of the route handler that contains the response object.
      */
-    SimpleParameter getResponseParameter() { result = getFunction().getParameter(1) }
+    Parameter getResponseParameter() { result = getFunction().getParameter(1) }
   }
 
   /**

javascript/ql/src/semmle/javascript/frameworks/Restify.qll

@@ -30,12 +30,12 @@ module Restify {
     /**
      * Gets the parameter of the route handler that contains the request object.
      */
-    SimpleParameter getRequestParameter() { result = function.getParameter(0) }
+    Parameter getRequestParameter() { result = function.getParameter(0) }
 
     /**
      * Gets the parameter of the route handler that contains the response object.
      */
-    SimpleParameter getResponseParameter() { result = function.getParameter(1) }
+    Parameter getResponseParameter() { result = function.getParameter(1) }
   }
 
   /**

javascript/ql/src/semmle/javascript/heuristics/AdditionalRouteHandlers.qll

@@ -29,7 +29,7 @@ private class PromotedExpressCandidate extends Express::RouteHandler,
   HTTP::Servers::StandardRouteHandler {
   PromotedExpressCandidate() { this instanceof ConnectExpressShared::RouteHandlerCandidate }
 
-  override SimpleParameter getRouteHandlerParameter(string kind) {
+  override Parameter getRouteHandlerParameter(string kind) {
     result = ConnectExpressShared::getRouteHandlerParameter(getAstNode(), kind)
   }
 }
@@ -41,7 +41,7 @@ private class PromotedConnectCandidate extends Connect::RouteHandler,
   HTTP::Servers::StandardRouteHandler {
   PromotedConnectCandidate() { this instanceof ConnectExpressShared::RouteHandlerCandidate }
 
-  override SimpleParameter getRouteHandlerParameter(string kind) {
+  override Parameter getRouteHandlerParameter(string kind) {
     result = ConnectExpressShared::getRouteHandlerParameter(getAstNode(), kind)
   }
 }

javascript/ql/test/library-tests/frameworks/Express/RouteHandler.qll

@@ -1,7 +1,7 @@
 import javascript
 
 query predicate test_RouteHandler(
-  Express::RouteHandler rh, SimpleParameter res0, SimpleParameter res1
+  Express::RouteHandler rh, Parameter res0, Parameter res1
 ) {
   res0 = rh.getRequestParameter() and res1 = rh.getResponseParameter()
 }

javascript/ql/test/library-tests/frameworks/connect/src/test.js

@@ -24,3 +24,7 @@ app.use(function(req,res){})
 app.use(function (error, req, res, next){
     res.setHeader('HEADER2', '');
 });
+
+app.use(function ({url, query, cookies}, res){
+    cookies.get(query.foobar);
+});

javascript/ql/test/library-tests/frameworks/connect/tests.expected

@@ -5,6 +5,7 @@ test_RouteSetup
 | src/test.js:19:1:19:28 | app.use ... res){}) |
 | src/test.js:19:1:20:29 | app.use ... res){}) |
 | src/test.js:24:1:26:2 | app.use ... '');\\n}) |
+| src/test.js:28:1:30:2 | app.use ... ar);\\n}) |
 test_RequestInputAccess
 | src/test.js:8:5:8:26 | req.coo ... ('foo') | cookie | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 test_RouteHandler_getAResponseHeader
@@ -21,6 +22,7 @@ test_ResponseExpr
 | src/test.js:20:23:20:25 | res | src/test.js:20:10:20:28 | function(req,res){} |
 | src/test.js:24:31:24:33 | res | src/test.js:24:9:26:1 | functio ...  '');\\n} |
 | src/test.js:25:5:25:7 | res | src/test.js:24:9:26:1 | functio ...  '');\\n} |
+| src/test.js:28:42:28:44 | res | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 test_HeaderDefinition
 | src/test.js:7:5:7:32 | res.set ... 1', '') | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:25:5:25:32 | res.set ... 2', '') | src/test.js:24:9:26:1 | functio ...  '');\\n} |
@@ -31,6 +33,7 @@ test_RouteSetup_getServer
 | src/test.js:19:1:19:28 | app.use ... res){}) | src/test.js:4:11:4:19 | connect() |
 | src/test.js:19:1:20:29 | app.use ... res){}) | src/test.js:4:11:4:19 | connect() |
 | src/test.js:24:1:26:2 | app.use ... '');\\n}) | src/test.js:4:11:4:19 | connect() |
+| src/test.js:28:1:30:2 | app.use ... ar);\\n}) | src/test.js:4:11:4:19 | connect() |
 test_HeaderDefinition_getAHeaderName
 | src/test.js:7:5:7:32 | res.set ... 1', '') | header1 |
 | src/test.js:25:5:25:32 | res.set ... 2', '') | header2 |
@@ -44,6 +47,7 @@ test_RouteHandler_getAResponseExpr
 | src/test.js:20:10:20:28 | function(req,res){} | src/test.js:20:23:20:25 | res |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:24:31:24:33 | res |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:25:5:25:7 | res |
+| src/test.js:28:9:30:1 | functio ... bar);\\n} | src/test.js:28:42:28:44 | res |
 test_RouteSetup_getARouteHandler
 | src/test.js:6:1:9:2 | app.use ... o');\\n}) | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:12:1:12:42 | app.use ... word')) | src/test.js:12:9:12:41 | basicAu ... sword') |
@@ -53,19 +57,22 @@ test_RouteSetup_getARouteHandler
 | src/test.js:19:1:19:28 | app.use ... res){}) | src/test.js:19:9:19:27 | function(req,res){} |
 | src/test.js:19:1:20:29 | app.use ... res){}) | src/test.js:20:10:20:28 | function(req,res){} |
 | src/test.js:24:1:26:2 | app.use ... '');\\n}) | src/test.js:24:9:26:1 | functio ...  '');\\n} |
+| src/test.js:28:1:30:2 | app.use ... ar);\\n}) | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 test_RouteHandler
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:4:11:4:19 | connect() |
 | src/test.js:15:12:15:32 | functio ...  res){} | src/test.js:4:11:4:19 | connect() |
 | src/test.js:19:9:19:27 | function(req,res){} | src/test.js:4:11:4:19 | connect() |
 | src/test.js:20:10:20:28 | function(req,res){} | src/test.js:4:11:4:19 | connect() |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:4:11:4:19 | connect() |
+| src/test.js:28:9:30:1 | functio ... bar);\\n} | src/test.js:4:11:4:19 | connect() |
 test_RequestExpr
 | src/test.js:6:27:6:29 | req | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:8:5:8:7 | req | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:15:22:15:24 | req | src/test.js:15:12:15:32 | functio ...  res){} |
 | src/test.js:19:18:19:20 | req | src/test.js:19:9:19:27 | function(req,res){} |
 | src/test.js:20:19:20:21 | req | src/test.js:20:10:20:28 | function(req,res){} |
 | src/test.js:24:26:24:28 | req | src/test.js:24:9:26:1 | functio ...  '');\\n} |
+| src/test.js:28:19:28:39 | {url, q ... ookies} | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 test_Credentials
 | src/test.js:12:19:12:28 | 'username' | user name |
 | src/test.js:12:31:12:40 | 'password' | password |
@@ -76,3 +83,4 @@ test_RouteHandler_getARequestExpr
 | src/test.js:19:9:19:27 | function(req,res){} | src/test.js:19:18:19:20 | req |
 | src/test.js:20:10:20:28 | function(req,res){} | src/test.js:20:19:20:21 | req |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:24:26:24:28 | req |
+| src/test.js:28:9:30:1 | functio ... bar);\\n} | src/test.js:28:19:28:39 | {url, q ... ookies} |