JS: add getADirectSuperClass()

Author: asger-semmle

javascript/ql/src/semmle/javascript/dataflow/Nodes.qll

@@ -538,6 +538,18 @@ class ClassNode extends DataFlow::SourceNode {
    * The constructor is not considered a static method.
    */
   FunctionNode getAStaticMethod() { result = impl.getAStaticMethod() }
+
+  /**
+   * Gets a direct super class of this class.
+   */
+  ClassNode getADirectSuperClass() {
+    result.getConstructor().getAstNode() = impl
+          .getASuperClassNode()
+          .analyze()
+          .getAValue()
+          .(AbstractCallable)
+          .getFunction()
+  }
 }
 
 module ClassNode {
@@ -586,6 +598,12 @@ module ClassNode {
      * The constructor is not considered a static method.
      */
     abstract FunctionNode getAStaticMethod();
+
+    /**
+     * Gets a dataflow node representing a class to be used as the super-class
+     * of this node.
+     */
+    abstract DataFlow::Node getASuperClassNode();
   }
 
   /**
@@ -635,6 +653,8 @@ module ClassNode {
         result = method.getBody().flow()
       )
     }
+
+    override DataFlow::Node getASuperClassNode() { result = astNode.getSuperClass().flow() }
   }
 
   /**
@@ -680,5 +700,22 @@ module ClassNode {
         result = call.getASourceOperand()
       )
     }
+
+    override DataFlow::Node getASuperClassNode() {
+      // C.prototype = Object.create(D.prototype)
+      exists(DataFlow::InvokeNode objectCreate, DataFlow::PropRead superProto |
+        getAPropertySource("prototype") = objectCreate and
+        objectCreate = DataFlow::globalVarRef("Object").getAMemberCall("create") and
+        superProto.flowsTo(objectCreate.getArgument(0)) and
+        superProto.getPropertyName() = "prototype" and
+        result = superProto.getBase()
+      )
+      or
+      // C.prototype = new D()
+      exists(DataFlow::NewNode newCall |
+        getAPropertySource("prototype") = newCall and
+        result = newCall.getCalleeNode()
+      )
+    }
   }
 }

javascript/ql/test/library-tests/ClassNode/InstanceMethod.expected

@@ -0,0 +1,4 @@
+| tst.js:4:17:4:21 | () {} | A.instanceMethod |
+| tst.js:7:6:7:10 | () {} | A.bar |
+| tst.js:15:19:15:31 | function() {} | B.foo |
+| tst.js:19:19:19:31 | function() {} | C.bar |

javascript/ql/test/library-tests/ClassNode/InstanceMethod.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from DataFlow::ClassNode cls, string name
+select cls.getAnInstanceMethod(name), cls.getName() + "." + name

javascript/ql/test/library-tests/ClassNode/SuperClass.expected

@@ -0,0 +1,3 @@
+| tst.js:11:1:11:21 | class A ... ds A {} | A2 | tst.js:3:1:8:1 | class A ... () {}\\n} | A |
+| tst.js:13:1:13:15 | function B() {} | B | tst.js:3:1:8:1 | class A ... () {}\\n} | A |
+| tst.js:17:1:17:15 | function C() {} | C | tst.js:13:1:13:15 | function B() {} | B |

javascript/ql/test/library-tests/ClassNode/SuperClass.ql

@@ -0,0 +1,5 @@
+import javascript
+
+from DataFlow::ClassNode cls, DataFlow::ClassNode sup
+where sup = cls.getADirectSuperClass()
+select cls, cls.getName(), sup, sup.getName()

javascript/ql/test/library-tests/ClassNode/tst.js

@@ -0,0 +1,19 @@
+import * as dummy from 'dummy'; // treat as module
+
+class A {
+  instanceMethod() {}
+  static staticMethod() {}
+  
+  bar() {}
+}
+
+
+class A2 extends A {}
+
+function B() {}
+B.prototype = Object.create(A.prototype);
+B.prototype.foo = function() {}
+
+function C() {}
+C.prototype = new B();
+C.prototype.bar = function() {}