JS: generalize to include default imports

Author: asger-semmle

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -39,7 +39,7 @@ module DataFlow {
       not exists(SsaExplicitDefinition ssa | p = ssa.getDef())
     } or
     TDestructuredModuleImportNode(ImportDeclaration decl) {
-      decl.getASpecifier() instanceof NamedImportSpecifier
+      exists(decl.getASpecifier().getImportedName())
     }
 
   /**
@@ -346,10 +346,7 @@ module DataFlow {
   }
 
   /**
-   * A node referring to the module imported at a named ES2015 import declaration.
-   *
-   * Default imports and namespace imports do not fall into this category, as the
-   * SSA definition of the local variable is used as the source of the module instead.
+   * A node referring to the module imported at a named or default ES2015 import declaration.
    */
   private class DestructuredModuleImportNode extends Node, TDestructuredModuleImportNode {
     ImportDeclaration imprt;
@@ -687,13 +684,14 @@ module DataFlow {
   /**
    * A named import specifier seen as a property read on the imported module.
    */
-  private class NamedImportSpecifierAsPropRead extends PropRead {
+  private class ImportSpecifierAsPropRead extends PropRead {
     ImportDeclaration imprt;
 
-    NamedImportSpecifier spec;
+    ImportSpecifier spec;
 
-    NamedImportSpecifierAsPropRead() {
+    ImportSpecifierAsPropRead() {
       spec = imprt.getASpecifier() and
+      exists(spec.getImportedName()) and
       exists(SsaExplicitDefinition ssa |
         ssa.getDef() = spec and
         this = TSsaDefNode(ssa)

javascript/ql/test/library-tests/InterProceduralFlow/TaintTracking.expected

@@ -18,6 +18,7 @@
 | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) |
 | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) |
 | nodeJsLib.js:1:15:1:23 | "tainted" | esClient.js:7:13:7:18 | nj.foo |
+| nodeJsLib.js:1:15:1:23 | "tainted" | esClient.js:10:13:10:17 | njFoo |
 | nodeJsLib.js:1:15:1:23 | "tainted" | nodeJsClient.js:4:13:4:18 | nj.foo |
 | nodeJsLib.js:2:15:2:23 | "tainted" | esClient.js:7:13:7:18 | nj.foo |
 | nodeJsLib.js:2:15:2:23 | "tainted" | esClient.js:10:13:10:17 | njFoo |

javascript/ql/test/library-tests/ModuleImportNodes/ModuleImportNode_getAPropertyRead.expected

@@ -2,6 +2,7 @@
 | amd2.js:2:12:2:24 | require('fs') | amd2.js:3:3:3:17 | fs.readFileSync |
 | destructuringES6.js:1:1:1:41 | import  ... ctron'; | destructuringES6.js:1:10:1:22 | BrowserWindow |
 | destructuringRequire.js:1:27:1:45 | require('electron') | destructuringRequire.js:1:9:1:21 | BrowserWindow |
+| instanceThroughDefaultImport.js:1:1:1:82 | import  ... tance'; | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |
 | moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:3:1:3:16 | mod.moduleMethod |
 | moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:5:9:5:26 | mod.moduleFunction |
 | moduleUses.js:1:11:1:24 | require('mod') | moduleUses.js:8:9:8:31 | mod.con ... unction |

javascript/ql/test/library-tests/ModuleImportNodes/ModuleImportNode_getPath.expected

@@ -2,6 +2,7 @@
 | amd2.js:2:12:2:24 | require('fs') | fs |
 | destructuringES6.js:1:1:1:41 | import  ... ctron'; | electron |
 | destructuringRequire.js:1:27:1:45 | require('electron') | electron |
+| instanceThroughDefaultImport.js:1:1:1:82 | import  ... tance'; | myDefaultImportedModuleInstance |
 | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName | myDefaultImportedModuleInstance |
 | instanceThroughNamespaceImport.js:1:8:1:49 | myNamespaceImportedModuleInstanceName | myNamespaceImportedModuleInstance |
 | instanceThroughRequire.js:1:36:1:70 | require ... tance') | myRequiredModuleInstance |

javascript/ql/test/library-tests/ModuleImportNodes/moduleImport.expected

@@ -3,6 +3,7 @@
 | fs | amd1.js:1:25:1:26 | fs |
 | fs | amd2.js:2:12:2:24 | require('fs') |
 | mod | moduleUses.js:1:11:1:24 | require('mod') |
+| myDefaultImportedModuleInstance | instanceThroughDefaultImport.js:1:1:1:82 | import  ... tance'; |
 | myDefaultImportedModuleInstance | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |
 | myNamespaceImportedModuleInstance | instanceThroughNamespaceImport.js:1:8:1:49 | myNamespaceImportedModuleInstanceName |
 | myRequiredModuleInstance | instanceThroughRequire.js:1:36:1:70 | require ... tance') |

javascript/ql/test/library-tests/ModuleImportNodes/moduleImportProp.expected

@@ -6,3 +6,4 @@
 | mod | moduleField | moduleUses.js:11:1:11:15 | mod.moduleField |
 | mod | moduleFunction | moduleUses.js:5:9:5:26 | mod.moduleFunction |
 | mod | moduleMethod | moduleUses.js:3:1:3:16 | mod.moduleMethod |
+| myDefaultImportedModuleInstance | default | instanceThroughDefaultImport.js:1:8:1:42 | myDefaultImportedModuleInstanceName |

javascript/ql/test/library-tests/Portals/PortalExit.expected

@@ -1038,4 +1038,6 @@
 | (return (root https://www.npmjs.com/package/m2)) | src/m3/tst3.js:4:1:4:11 | new A("me") | false |
 | (return (root https://www.npmjs.com/package/m2)) | src/m3/tst3.js:5:1:5:11 | new A("me") | false |
 | (root https://www.npmjs.com/package/m1) | src/m3/index.js:1:10:1:22 | require("m1") | false |
+| (root https://www.npmjs.com/package/m2) | src/m3/tst2.js:1:1:1:25 | import  ... m "m2"; | false |
+| (root https://www.npmjs.com/package/m2) | src/m3/tst3.js:1:1:1:19 | import A from "m2"; | false |
 | (root https://www.npmjs.com/package/m2) | src/m3/tst3.js:1:8:1:8 | A | false |