JavaScript: Resolve AMD imports based on absolute paths if there is only a single candidate.

Author: Max Schaefer

javascript/ql/src/semmle/javascript/AMD.qll

@@ -216,6 +216,59 @@ private class AmdDependencyImport extends Import {
   override PathExpr getImportedPath() {
     result = this
   }
+ 
+  /**
+   * Gets a file that looks like it might be the target of this import.
+   *
+   * Specifically, we look for files whose absolute path ends with the imported path, possibly
+   * adding well-known JavaScript file extensions like `.js`.
+   */
+  private File guessTarget() {
+    exists(PathString imported, string abspath, string dirname, string basename |
+      targetCandidate(result, abspath, imported, dirname, basename)
+    |
+      abspath.regexpMatch(".*/\\Q" + imported + "\\E")
+      or
+      exists(Folder dir |
+        // `dir` ends with the dirname of the imported path
+        dir.getAbsolutePath().regexpMatch(".*/\\Q" + dirname + "\\E") or
+        dirname = ""
+      |
+        result = dir.getJavaScriptFile(basename)
+      )
+    )
+  }
+
+  /**
+   * Holds if `f` is a file whose stem (that is, basename without extension) matches the imported path.
+   *
+   * Additionally, `abspath` is bound to the absolute path of `f`, `imported` to the imported path, and
+   * `dirname` and `basename` to the dirname and basename (respectively) of `imported`.
+   */
+  private predicate targetCandidate(
+    File f, string abspath, PathString imported, string dirname, string basename
+  ) {
+   imported = getImportedPath().getValue() and
+    f.getStem() = imported.getStem() and
+    f.getAbsolutePath() = abspath and
+    dirname = imported.getDirName() and
+    basename = imported.getBaseName()
+  }
+
+  /**
+   * Gets the module whose absolute path matches this import, if there is only a single such module.
+   */
+  private Module resolveByAbsolutePath() {
+    count(guessTarget()) = 1 and
+    result.getFile() = guessTarget()
+  }
+
+  override Module getImportedModule() {
+    result = super.getImportedModule()
+    or
+    not exists(super.getImportedModule()) and
+    result = resolveByAbsolutePath()
+  }
 }
 
 /**

javascript/ql/src/semmle/javascript/Paths.qll

@@ -76,6 +76,26 @@ private class ConsPath extends Path, TConsPath {
   override string toString() { result = pp(this) }
 }
 
+/**
+ * Gets a regular expression that can be used to parse slash-separated paths.
+ *
+ * The first capture group captures the dirname of the path, that is, everything
+ * before the last slash, or the empty string if there isn't a slash.
+ *
+ * The second capture group captures the basename of the path, that is, everything
+ * after the last slash, or the entire path if there isn't a slash.
+ *
+ * The third capture group captures the stem of the basename, that is, everything
+ * before the last dot, or the entire basename if there isn't a dot.
+ *
+ * Finally, the fourth and fifth capture groups capture the extension of the basename,
+ * that is, everything after the last dot. The fourth group includes the dot, the
+ * fifth does not.
+ */
+private string pathRegex() {
+  result = "(.*)(?:/|^)(([^/]*?)(\\.([^.]*))?)"
+}
+
 /**
  * A string value that represents a (relative or absolute) file system path.
  *
@@ -98,7 +118,17 @@ abstract class PathString extends string {
   int getNumComponent() { result = count(int i | exists(getComponent(i))) }
 
   /** Gets the base name of the folder or file this path refers to. */
-  string getBaseName() { result = this.regexpCapture("(.*/|^)([^/]+)", 2) }
+  string getBaseName() { result = this.regexpCapture(pathRegex(), 2) }
+
+  /**
+   * Gets stem of the folder or file this path refers to, that is, the prefix of its base name
+   * up to (but not including) the last dot character if there is one, or the entire
+   * base name if there is not
+   */
+  string getStem() { result = this.regexpCapture(pathRegex(), 3) }
+
+  /** Gets the path of the parent folder of the folder or file this path refers to. */
+  string getDirName() { result = this.regexpCapture(pathRegex(), 1) }
 
   /**
    * Gets the absolute path that the sub-path consisting of the first `n`

javascript/ql/test/library-tests/AMD/AmdModule.expected

@@ -1,6 +1,10 @@
 | a.js:1:1:3:3 | <toplevel> | a.js:1:1:3:2 | define( ... 2 };\\n}) |
 | dir/b.js:1:1:3:3 | <toplevel> | dir/b.js:1:1:3:2 | define( ... : 42\\n}) |
+| lib/a.js:1:1:3:3 | <toplevel> | lib/a.js:1:1:3:2 | define( ... 2 };\\n}) |
+| lib/foo.js:1:1:4:0 | <toplevel> | lib/foo.js:1:1:3:2 | define( ... : 23\\n}) |
+| lib/nested/a.js:1:1:3:3 | <toplevel> | lib/nested/a.js:1:1:3:2 | define( ... 2 };\\n}) |
 | tst2.js:1:1:3:3 | <toplevel> | tst2.js:1:1:3:2 | define( ...  42;\\n}) |
 | tst3.js:1:1:3:3 | <toplevel> | tst3.js:1:1:3:2 | define( ...  42;\\n}) |
+| tst4.js:1:1:11:3 | <toplevel> | tst4.js:1:1:11:2 | define( ...   };\\n}) |
 | tst.js:1:1:6:3 | <toplevel> | tst.js:1:1:6:2 | define( ...   };\\n}) |
 | umd.js:1:1:14:4 | <toplevel> | umd.js:4:9:4:43 | define( ... actory) |

javascript/ql/test/library-tests/AMD/AmdModuleDefinition.expected

@@ -1,6 +1,10 @@
 | a.js:1:1:3:2 | define( ... 2 };\\n}) | a.js:1:8:3:1 | functio ... 42 };\\n} |
 | dir/b.js:1:1:3:2 | define( ... : 42\\n}) | dir/b.js:1:8:3:1 | {\\n    bar: 42\\n} |
+| lib/a.js:1:1:3:2 | define( ... 2 };\\n}) | lib/a.js:1:8:3:1 | functio ... 42 };\\n} |
+| lib/foo.js:1:1:3:2 | define( ... : 23\\n}) | lib/foo.js:1:8:3:1 | {\\n    foo: 23\\n} |
+| lib/nested/a.js:1:1:3:2 | define( ... 2 };\\n}) | lib/nested/a.js:1:8:3:1 | functio ... 42 };\\n} |
 | tst2.js:1:1:3:2 | define( ...  42;\\n}) | tst2.js:1:21:3:1 | functio ... = 42;\\n} |
 | tst3.js:1:1:3:2 | define( ...  42;\\n}) | tst3.js:1:8:3:1 | functio ... = 42;\\n} |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:6:11:11:1 | functio ...    };\\n} |
 | tst.js:1:1:6:2 | define( ...   };\\n}) | tst.js:1:28:6:1 | functio ...    };\\n} |
 | umd.js:4:9:4:43 | define( ... actory) | umd.js:9:9:14:1 | functio ...    };\\n} |

javascript/ql/test/library-tests/AMD/AmdModuleDependencies.expected

@@ -1,5 +1,9 @@
 | tst2.js:1:1:3:2 | define( ...  42;\\n}) | tst2.js:1:9:1:17 | 'exports' |
 | tst3.js:1:1:3:2 | define( ...  42;\\n}) | tst3.js:2:21:2:25 | './a' |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:2:9:2:14 | 'a.js' |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:3:9:3:13 | 'foo' |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:4:9:4:18 | 'nested/a' |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:5:9:5:20 | 'lib/foo.js' |
 | tst.js:1:1:6:2 | define( ...   };\\n}) | tst.js:1:9:1:13 | './a' |
 | tst.js:1:1:6:2 | define( ...   };\\n}) | tst.js:1:16:1:24 | './dir/b' |
 | umd.js:4:9:4:43 | define( ... actory) | umd.js:4:17:4:21 | './a' |

javascript/ql/test/library-tests/AMD/AmdModuleExportedSymbol.expected

@@ -1,7 +1,12 @@
 | a.js:1:1:3:3 | <toplevel> | foo |
 | dir/b.js:1:1:3:3 | <toplevel> | bar |
+| lib/a.js:1:1:3:3 | <toplevel> | foo |
+| lib/foo.js:1:1:4:0 | <toplevel> | foo |
+| lib/nested/a.js:1:1:3:3 | <toplevel> | foo |
 | tst2.js:1:1:3:3 | <toplevel> | foo |
 | tst3.js:1:1:3:3 | <toplevel> | foo |
+| tst4.js:1:1:11:3 | <toplevel> | bar |
+| tst4.js:1:1:11:3 | <toplevel> | foo |
 | tst.js:1:1:6:3 | <toplevel> | bar |
 | tst.js:1:1:6:3 | <toplevel> | foo |
 | umd.js:1:1:14:4 | <toplevel> | bar |

javascript/ql/test/library-tests/AMD/AmdModuleExpr.expected

@@ -1,4 +1,8 @@
 | a.js:1:1:3:2 | define( ... 2 };\\n}) | a.js:2:12:2:22 | { foo: 42 } | a.js:2:12:2:22 | { foo: 42 } |
 | dir/b.js:1:1:3:2 | define( ... : 42\\n}) | dir/b.js:1:8:3:1 | {\\n    bar: 42\\n} | dir/b.js:1:8:3:1 | {\\n    bar: 42\\n} |
+| lib/a.js:1:1:3:2 | define( ... 2 };\\n}) | lib/a.js:2:12:2:22 | { foo: 42 } | lib/a.js:2:12:2:22 | { foo: 42 } |
+| lib/foo.js:1:1:3:2 | define( ... : 23\\n}) | lib/foo.js:1:8:3:1 | {\\n    foo: 23\\n} | lib/foo.js:1:8:3:1 | {\\n    foo: 23\\n} |
+| lib/nested/a.js:1:1:3:2 | define( ... 2 };\\n}) | lib/nested/a.js:2:12:2:22 | { foo: 42 } | lib/nested/a.js:2:12:2:22 | { foo: 42 } |
+| tst4.js:1:1:11:2 | define( ...   };\\n}) | tst4.js:7:12:10:5 | {\\n      ... r\\n    } | tst4.js:7:12:10:5 | {\\n      ... r\\n    } |
 | tst.js:1:1:6:2 | define( ...   };\\n}) | tst.js:2:12:5:5 | {\\n      ... r\\n    } | tst.js:2:12:5:5 | {\\n      ... r\\n    } |
 | umd.js:4:9:4:43 | define( ... actory) | umd.js:10:12:13:5 | {\\n      ... r\\n    } | umd.js:10:12:13:5 | {\\n      ... r\\n    } |

javascript/ql/test/library-tests/AMD/AmdModuleImportedModule.expected

@@ -1,5 +1,8 @@
-| tst3.js:1:1:3:3 | <toplevel> | a.js:1:1:3:3 | <toplevel> |
-| tst.js:1:1:6:3 | <toplevel> | a.js:1:1:3:3 | <toplevel> |
-| tst.js:1:1:6:3 | <toplevel> | dir/b.js:1:1:3:3 | <toplevel> |
-| umd.js:1:1:14:4 | <toplevel> | a.js:1:1:3:3 | <toplevel> |
-| umd.js:1:1:14:4 | <toplevel> | dir/b.js:1:1:3:3 | <toplevel> |
+| tst3.js:1:1:3:3 | <toplevel> | tst3.js:2:21:2:25 | './a' | a.js:1:1:3:3 | <toplevel> |
+| tst4.js:1:1:11:3 | <toplevel> | tst4.js:3:9:3:13 | 'foo' | lib/foo.js:1:1:4:0 | <toplevel> |
+| tst4.js:1:1:11:3 | <toplevel> | tst4.js:4:9:4:18 | 'nested/a' | lib/nested/a.js:1:1:3:3 | <toplevel> |
+| tst4.js:1:1:11:3 | <toplevel> | tst4.js:5:9:5:20 | 'lib/foo.js' | lib/foo.js:1:1:4:0 | <toplevel> |
+| tst.js:1:1:6:3 | <toplevel> | tst.js:1:9:1:13 | './a' | a.js:1:1:3:3 | <toplevel> |
+| tst.js:1:1:6:3 | <toplevel> | tst.js:1:16:1:24 | './dir/b' | dir/b.js:1:1:3:3 | <toplevel> |
+| umd.js:1:1:14:4 | <toplevel> | umd.js:4:17:4:21 | './a' | a.js:1:1:3:3 | <toplevel> |
+| umd.js:1:1:14:4 | <toplevel> | umd.js:4:24:4:32 | './dir/b' | dir/b.js:1:1:3:3 | <toplevel> |

javascript/ql/test/library-tests/AMD/AmdModuleImportedModule.ql

@@ -1,4 +1,5 @@
 import javascript
 
-from AmdModule m
-select m, m.getAnImportedModule()
+from AmdModule m, Import i
+where i = m.getAnImport()
+select m, i, i.getImportedModule()

javascript/ql/test/library-tests/AMD/AmdModule_exports.expected

@@ -1,7 +1,12 @@
 | a.js:1:1:3:3 | <toplevel> | foo | a.js:2:14:2:20 | foo: 42 |
 | dir/b.js:1:1:3:3 | <toplevel> | bar | dir/b.js:2:5:2:11 | bar: 42 |
+| lib/a.js:1:1:3:3 | <toplevel> | foo | lib/a.js:2:14:2:20 | foo: 42 |
+| lib/foo.js:1:1:4:0 | <toplevel> | foo | lib/foo.js:2:5:2:11 | foo: 23 |
+| lib/nested/a.js:1:1:3:3 | <toplevel> | foo | lib/nested/a.js:2:14:2:20 | foo: 42 |
 | tst2.js:1:1:3:3 | <toplevel> | foo | tst2.js:2:5:2:15 | exports.foo |
 | tst3.js:1:1:3:3 | <toplevel> | foo | tst3.js:2:29:2:39 | exports.foo |
+| tst4.js:1:1:11:3 | <toplevel> | bar | tst4.js:9:9:9:18 | bar: b.bar |
+| tst4.js:1:1:11:3 | <toplevel> | foo | tst4.js:8:9:8:18 | foo: a.foo |
 | tst.js:1:1:6:3 | <toplevel> | bar | tst.js:4:9:4:18 | bar: b.bar |
 | tst.js:1:1:6:3 | <toplevel> | foo | tst.js:3:9:3:18 | foo: a.foo |
 | umd.js:1:1:14:4 | <toplevel> | bar | umd.js:11:9:11:18 | bar: a.foo |