JS: extract getDefaultNode from DefaultRange

Esben Sparre Andreasen · Esben Sparre Andreasen · commit f74653be46ea · 2019-05-27T22:32:32.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/AMD.qll b/javascript/ql/src/semmle/javascript/AMD.qll
@@ -263,6 +263,13 @@ private class AmdDependencyImport extends Import {
     not exists(super.getImportedModule()) and
     result = resolveByAbsolutePath()
   }
+
+  override DataFlow::Node getDefaultNode() {
+    exists(Parameter param |
+      any(AmdModuleDefinition def).dependencyParameter(this, param) and
+      result = DataFlow::parameterNode(param)
+    )
+  }
 }
 
 /**
diff --git a/javascript/ql/src/semmle/javascript/ES2015Modules.qll b/javascript/ql/src/semmle/javascript/ES2015Modules.qll
@@ -43,6 +43,22 @@ class ImportDeclaration extends Stmt, Import, @importdeclaration {
 
   /** Gets an import specifier of this import declaration. */
   ImportSpecifier getASpecifier() { result = getSpecifier(_) }
+
+  override DataFlow::Node getDefaultNode() {
+    // `import * as http from 'http'` or `import http from `http`'
+    exists(ImportSpecifier is |
+      is = getASpecifier() and
+      result = DataFlow::ssaDefinitionNode(SSA::definition(is))
+    |
+      is instanceof ImportNamespaceSpecifier and
+      count(getASpecifier()) = 1
+      or
+      is.getImportedName() = "default"
+    )
+    or
+    // `import { createServer } from 'http'`
+    result = DataFlow::destructuredModuleImportNode(this)
+  }
 }
 
 /** A literal path expression appearing in an `import` declaration. */
diff --git a/javascript/ql/src/semmle/javascript/Expr.qll b/javascript/ql/src/semmle/javascript/Expr.qll
@@ -1562,6 +1562,8 @@ class DynamicImportExpr extends @dynamicimport, Expr, Import {
   override PathExpr getImportedPath() { result = getSource() }
 
   override Module getEnclosingModule() { result = getTopLevel() }
+
+  override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }
 }
 
 /** A literal path expression appearing in a dynamic import. */
diff --git a/javascript/ql/src/semmle/javascript/Modules.qll b/javascript/ql/src/semmle/javascript/Modules.qll
@@ -160,6 +160,11 @@ abstract class Import extends ASTNode {
       result = resolveFromTypeRoot()
     )
   }
+
+  /**
+   * Gets the data flow node that the default import of this import is available at.
+   */
+  abstract DataFlow::Node getDefaultNode();
 }
 
 /**
diff --git a/javascript/ql/src/semmle/javascript/NodeJS.qll b/javascript/ql/src/semmle/javascript/NodeJS.qll
@@ -234,6 +234,8 @@ class Require extends CallExpr, Import {
           priority - (prioritiesPerCandidate() * r + numberOfExtensions() + 1))
     )
   }
+
+  override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }
 }
 
 /** An argument to `require` or `require.resolve`, considered as a path expression. */
diff --git a/javascript/ql/src/semmle/javascript/TypeScript.qll b/javascript/ql/src/semmle/javascript/TypeScript.qll
@@ -212,6 +212,8 @@ class ExternalModuleReference extends Expr, Import, @externalmodulereference {
   override ControlFlowNode getFirstControlFlowNode() {
     result = getExpression().getFirstControlFlowNode()
   }
+
+  override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }
 }
 
 /** A literal path expression appearing in an external module reference. */
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -461,37 +461,9 @@ module ModuleImportNode {
     string path;
 
     DefaultRange() {
-      // `require("http")`
-      exists(Require req | req.getImportedPath().getValue() = path |
-        this = DataFlow::valueNode(req)
-      )
-      or
-      // `import http = require("http")`
-      exists(ExternalModuleReference req | req.getImportedPath().getValue() = path |
-        this = DataFlow::valueNode(req)
-      )
-      or
-      // `import * as http from 'http'` or `import http from `http`'
-      exists(ImportDeclaration id, ImportSpecifier is |
-        id.getImportedPath().getValue() = path and
-        is = id.getASpecifier() and
-        this = DataFlow::ssaDefinitionNode(SSA::definition(is))
-      |
-        is instanceof ImportNamespaceSpecifier and
-        count(id.getASpecifier()) = 1
-        or
-        is.getImportedName() = "default"
-      )
-      or
-      // `import { createServer } from 'http'`
-      exists(ImportDeclaration id |
-        this = DataFlow::destructuredModuleImportNode(id) and
-        id.getImportedPath().getValue() = path
-      )
-      or
-      // declared AMD dependency
-      exists(AmdModuleDefinition amd |
-        this = DataFlow::parameterNode(amd.getDependencyParameter(path))
+      exists(Import i |
+        this = i.getDefaultNode() and
+        i.getImportedPath().getValue() = path
       )
       or
       // AMD require

Original file line number	Diff line number	Diff line change
`@@ -263,6 +263,13 @@ private class AmdDependencyImport extends Import {`
`263`	`263`	`not exists(super.getImportedModule()) and`
`264`	`264`	`result = resolveByAbsolutePath()`
`265`	`265`	`}`
	`266`	`+`
	`267`	`+ override DataFlow::Node getDefaultNode() {`
	`268`	`+ exists(Parameter param \|`
	`269`	`+ any(AmdModuleDefinition def).dependencyParameter(this, param) and`
	`270`	`+ result = DataFlow::parameterNode(param)`
	`271`	`+ )`
	`272`	`+ }`
`266`	`273`	`}`
`267`	`274`
`268`	`275`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -1562,6 +1562,8 @@ class DynamicImportExpr extends @dynamicimport, Expr, Import {`
`1562`	`1562`	`override PathExpr getImportedPath() { result = getSource() }`
`1563`	`1563`
`1564`	`1564`	`override Module getEnclosingModule() { result = getTopLevel() }`
	`1565`	`+`
	`1566`	`+ override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }`
`1565`	`1567`	`}`
`1566`	`1568`
`1567`	`1569`	`/** A literal path expression appearing in a dynamic import. */`
Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,11 @@ abstract class Import extends ASTNode {`
`160`	`160`	`result = resolveFromTypeRoot()`
`161`	`161`	`)`
`162`	`162`	`}`
	`163`	`+`
	`164`	`+ /**`
	`165`	`+ * Gets the data flow node that the default import of this import is available at.`
	`166`	`+ */`
	`167`	`+ abstract DataFlow::Node getDefaultNode();`
`163`	`168`	`}`
`164`	`169`
`165`	`170`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -234,6 +234,8 @@ class Require extends CallExpr, Import {`
`234`	`234`	`priority - (prioritiesPerCandidate() * r + numberOfExtensions() + 1))`
`235`	`235`	`)`
`236`	`236`	`}`
	`237`	`+`
	`238`	`+ override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }`
`237`	`239`	`}`
`238`	`240`
`239`	`241`	/** An argument to `require` or `require.resolve`, considered as a path expression. */
Original file line number	Diff line number	Diff line change
`@@ -212,6 +212,8 @@ class ExternalModuleReference extends Expr, Import, @externalmodulereference {`
`212`	`212`	`override ControlFlowNode getFirstControlFlowNode() {`
`213`	`213`	`result = getExpression().getFirstControlFlowNode()`
`214`	`214`	`}`
	`215`	`+`
	`216`	`+ override DataFlow::Node getDefaultNode() { result = DataFlow::valueNode(this) }`
`215`	`217`	`}`
`216`	`218`
`217`	`219`	`/** A literal path expression appearing in an external module reference. */`