add a direct Export step as a PreCallGraphStep

Author: erik-krogh

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -638,6 +638,20 @@ module NodeJSLib {
     }
   }
 
+  private import semmle.javascript.PackageExports as Exports
+
+  /**
+   * A direct step from an named export to a property-read reading the exported value.
+   */
+  private class ExportsStep extends PreCallGraphStep {
+    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(Import imp, string name |
+        succ = DataFlow::valueNode(imp).(DataFlow::SourceNode).getAPropertyRead(name) and
+        pred = Exports::getAnExportedValue(imp.getImportedModule(), name)
+      )
+    }
+  }
+
   /**
    * A call to a method from module `child_process`.
    */

javascript/ql/test/library-tests/TypeTracking/PredicateStyle.expected

@@ -70,3 +70,8 @@ dataValue
 | tst.js:51:30:51:33 | data |
 | tst.js:58:16:58:16 | x |
 | tst.js:68:16:68:19 | data |
+reexport
+| reexport/a.js:2:10:2:26 | function foo() {} | reexport/a.js:2:10:2:26 | function foo() {} |
+| reexport/a.js:2:10:2:26 | function foo() {} | reexport/test.js:3:13:3:17 | b.foo |
+| reexport/b.js:4:10:4:26 | function bar() {} | reexport/b.js:4:10:4:26 | function bar() {} |
+| reexport/b.js:4:10:4:26 | function bar() {} | reexport/test.js:4:13:4:17 | b.bar |

javascript/ql/test/library-tests/TypeTracking/PredicateStyle.ql

@@ -46,3 +46,15 @@ DataFlow::SourceNode dataValue(DataFlow::TypeTracker t) {
 }
 
 query DataFlow::SourceNode dataValue() { result = dataValue(DataFlow::TypeTracker::end()) }
+
+DataFlow::SourceNode reexport(DataFlow::TypeTracker t, DataFlow::FunctionNode func) {
+  t.start() and
+  func = result and
+  func.getFile().getParentContainer().getBaseName() = "reexport"
+  or
+  exists(DataFlow::TypeTracker t2 | result = reexport(t2, func).track(t2, t))
+}
+
+query DataFlow::SourceNode reexport(DataFlow::FunctionNode func) {
+  result = reexport(DataFlow::TypeTracker::end(), func)
+}

javascript/ql/test/library-tests/TypeTracking/reexport/a.js

@@ -0,0 +1,3 @@
+module.exports = {
+    foo: function foo() {}
+}

javascript/ql/test/library-tests/TypeTracking/reexport/b.js

@@ -0,0 +1,6 @@
+const a = require("./a");
+
+module.exports = {
+    bar: function bar() {}, // name: bar
+    ...a
+}

javascript/ql/test/library-tests/TypeTracking/reexport/test.js

@@ -0,0 +1,4 @@
+const b = require("./b");
+
+const foo = b.foo;
+const bar = b.bar;