From eca04ff73f77390d7457f514179084085c7843da Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 3 Dec 2024 09:54:55 +0100 Subject: [PATCH 1/2] JS: refactor getADependency to return a string --- javascript/ql/lib/semmle/javascript/NPM.qll | 6 +++--- javascript/ql/lib/semmle/javascript/frameworks/Next.qll | 2 +- javascript/ql/lib/semmle/javascript/frameworks/Redux.qll | 2 +- .../ql/lib/semmle/javascript/frameworks/Templating.qll | 2 +- javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll | 2 +- javascript/ql/src/NodeJS/UnresolvableImport.ql | 2 +- .../Introducing the JavaScript libraries/query19.qll | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index b70ff8055b4f..783ac0401428 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -158,7 +158,7 @@ class PackageJson extends JsonObject { * different from the other dependency types. */ predicate declaresDependency(string pkg, string version) { - this.getADependenciesObject(_).getADependency(pkg, version) + this.getADependenciesObject(_).getADependency(pkg) = version } /** Gets the engine dependencies of this package. */ @@ -340,8 +340,8 @@ class PackageDependencies extends JsonObject { ) } - /** Holds if this package depends on version 'version' of package 'pkg'. */ - predicate getADependency(string pkg, string version) { version = this.getPropStringValue(pkg) } + /** Returns the version of the specified package that this package depends on. */ + string getADependency(string pkg) { result = this.getPropStringValue(pkg) } } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 8fce608a9704..d1bc3f8fd058 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
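Review bot: The second NPM.qll hunk replaces the two-argument `getADependency(string pkg, string version)` on `PackageDependencies` with `string getADependency(string pkg)`, so any query outside this patch that still uses the old form stops compiling. No deprecated overload or change note is visible in this series. Consider keeping `deprecated predicate getADependency(string pkg, string version) { version = this.getADependency(pkg) }` beside the new member for a release cycle. The new QLDoc would also match the neighbouring "Gets the engine dependencies of this package." if it read `/** Gets the version of package 'pkg' that this package depends on. */` instead of "Returns …". The class body starts and ends outside the hunk.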
@@ -11,7 +11,7 @@ module NextJS { /** * Gets a `package.json` that depends on the `Next.js` library. */ - PackageJson getANextPackage() { result.getDependencies().getADependency("next", _) } + PackageJson getANextPackage() { exists(result.getDependencies().getADependency("next")) } /** * Gets a "pages" folder in a `Next.js` application. diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll b/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll index 78931da585a4..3096fff11bf6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll @@ -24,7 +24,7 @@ module Redux { } private predicate packageDependsOn(PackageJson importer, PackageJson dependency) { - importer.getADependenciesObject("").getADependency(dependency.getPackageName(), _) + exists(importer.getADependenciesObject("").getADependency(dependency.getPackageName())) } /** Gets a package that can be considered an entry point for a Redux app. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll b/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll index a7286c7a1999..c93edfb783b3 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll @@ -601,7 +601,7 @@ module Templating { private TemplateSyntax getOwnTemplateSyntaxInFolder(Folder f) { exists(PackageDependencies deps | - deps.getADependency(result.getAPackageName(), _) and + exists(deps.getADependency(result.getAPackageName())) and f = deps.getFile().getParentContainer() ) } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll b/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll index 6e1112077909..0b9dc85e2a83 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Vuex.qll 
@@ -374,7 +374,7 @@ module Vuex { } private predicate packageDependsOn(PackageJson importer, PackageJson dependency) { - importer.getADependenciesObject("").getADependency(dependency.getPackageName(), _) + exists(importer.getADependenciesObject("").getADependency(dependency.getPackageName())) } /** Gets a package that can be considered an entry point for a Vuex app. */ diff --git a/javascript/ql/src/NodeJS/UnresolvableImport.ql b/javascript/ql/src/NodeJS/UnresolvableImport.ql index 16feba14348d..cc981ef6920b 100644 --- a/javascript/ql/src/NodeJS/UnresolvableImport.ql +++ b/javascript/ql/src/NodeJS/UnresolvableImport.ql @@ -39,7 +39,7 @@ where pkg.getAModule() = r.getTopLevel() and pkgJson = pkg.getPackageJson() | not pkgJson.declaresDependency(mod, _) and - not pkgJson.getPeerDependencies().getADependency(mod, _) and + not exists(pkgJson.getPeerDependencies().getADependency(mod)) and // exclude packages depending on `fbjs`, which automatically pulls in many otherwise // undeclared dependencies not pkgJson.declaresDependency("fbjs", _) diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query19.qll b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query19.qll index 46ec0fe8f315..5fdbc8f78425 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query19.qll +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query19.qll @@ -3,7 +3,7 @@ import javascript query predicate test_query19(PackageDependencies deps, string res) { exists(NpmPackage pkg, string name | deps = pkg.getPackageJson().getDependencies() and - deps.getADependency(name, _) and + exists(deps.getADependency(name)) and not exists(Require req | req.getTopLevel() = pkg.getAModule() | name = req.getImportedPath().getValue() ) From 1a6f1f5ccbf7ded1a6cc276efcf21135ba8537f0 Mon Sep 17 00:00:00 2001 
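Review bot: The `query19.qll` test under `tutorials/Introducing the JavaScript libraries` had to change because `deps.getADependency(name, _)` no longer compiles, which suggests the tutorial this test mirrors may contain the same two-argument call. The diffstat of this patch lists no documentation file. If the tutorial text does show that query, it should be updated to `exists(deps.getADependency(name))` in the same change, so that readers copying the example do not hit a compile error.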
From: Napalys Date: Tue, 3 Dec 2024 11:03:27 +0100 Subject: [PATCH 2/2] JS: Refactor Test Cases - 'get' Predicates Without Return Values --- javascript/ql/test/library-tests/ClassNode/tests.ql | 8 ++++---- javascript/ql/test/library-tests/Comprehensions/tests.ql | 6 ++---- javascript/ql/test/library-tests/DataFlow/tests.ql | 6 +++--- javascript/ql/test/library-tests/Flow/tests.ql | 4 +--- javascript/ql/test/library-tests/NPM/tests.ql | 4 ++-- .../ql/test/library-tests/TypeScript/Types/tests.ql | 6 +++--- .../frameworks/Express/RouteHandlerContainer.qll | 7 +++---- javascript/ql/test/library-tests/variables/tests.ql | 6 ++---- 8 files changed, 20 insertions(+), 27 deletions(-) diff --git a/javascript/ql/test/library-tests/ClassNode/tests.ql b/javascript/ql/test/library-tests/ClassNode/tests.ql index 60dc630f3c37..5b297e918d06 100644 --- a/javascript/ql/test/library-tests/ClassNode/tests.ql +++ b/javascript/ql/test/library-tests/ClassNode/tests.ql @@ -4,12 +4,12 @@ query predicate fieldStep(DataFlow::Node pred, DataFlow::Node succ) { DataFlow::localFieldStep(pred, succ) } -query predicate getAReceiverNode(DataFlow::ClassNode cls, DataFlow::SourceNode recv) { - cls.getAReceiverNode() = recv +query DataFlow::SourceNode getAReceiverNode(DataFlow::ClassNode cls) { + result = cls.getAReceiverNode() } -query predicate getFieldTypeAnnotation(DataFlow::ClassNode cls, string name, TypeAnnotation ann) { - ann = cls.getFieldTypeAnnotation(name) +query TypeAnnotation getFieldTypeAnnotation(DataFlow::ClassNode cls, string name) { + result = cls.getFieldTypeAnnotation(name) } query predicate instanceMember( diff --git a/javascript/ql/test/library-tests/Comprehensions/tests.ql b/javascript/ql/test/library-tests/Comprehensions/tests.ql index e3b6a674ff6b..c049e52d669e 100644 --- a/javascript/ql/test/library-tests/Comprehensions/tests.ql +++ b/javascript/ql/test/library-tests/Comprehensions/tests.ql 
@@ -10,10 +10,8 @@ query predicate comprehensionExpr(ComprehensionExpr ce, int numBlock, int numFil body = ce.getBody() } -query predicate getBlock(ComprehensionExpr ce, int i, ComprehensionBlock block) { - ce.getBlock(i) = block -} +query ComprehensionBlock getBlock(ComprehensionExpr ce, int i) { result = ce.getBlock(i) } -query predicate getFilter(ComprehensionExpr ce, int i, Expr filter) { ce.getFilter(i) = filter } +query Expr getFilter(ComprehensionExpr ce, int i) { result = ce.getFilter(i) } query predicate varDecls(VarAccess va, VarDecl decl) { decl = va.getVariable().getADeclaration() } diff --git a/javascript/ql/test/library-tests/DataFlow/tests.ql b/javascript/ql/test/library-tests/DataFlow/tests.ql index 14a3635b5340..24f13f7bb6cb 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.ql +++ b/javascript/ql/test/library-tests/DataFlow/tests.ql @@ -13,11 +13,11 @@ query predicate enclosingExpr(DataFlow::Node node, Expr enclosingExpr) { query predicate flowStep(DataFlow::Node pred, DataFlow::Node nd) { nd.getAPredecessor() = pred } -query predicate getImmediatePredecessor(DataFlow::Node pred, DataFlow::Node nd) { - nd.getImmediatePredecessor() = pred +query DataFlow::Node getImmediatePredecessor(DataFlow::Node pred) { + result.getImmediatePredecessor() = pred } -query predicate getIntValue(DataFlow::Node node, int val) { node.getIntValue() = val } +query int getIntValue(DataFlow::Node node) { result = node.getIntValue() } query predicate incomplete(DataFlow::Node dfn, DataFlow::Incompleteness cause) { dfn.isIncomplete(cause) diff --git a/javascript/ql/test/library-tests/Flow/tests.ql b/javascript/ql/test/library-tests/Flow/tests.ql index c7bc0226084f..3657ffbd4004 100644 --- a/javascript/ql/test/library-tests/Flow/tests.ql +++ b/javascript/ql/test/library-tests/Flow/tests.ql 
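Review bot: In `DataFlow/tests.ql` the new `query DataFlow::Node getImmediatePredecessor(DataFlow::Node pred)` is defined by `result.getImmediatePredecessor() = pred`, so it returns the successor of `pred` and reads as the inverse of its name. This presumably keeps the (pred, nd) column order of the expected output. A one-line comment such as `// result is the node whose immediate predecessor is 'pred'; direction kept to preserve column order` would stop a later reader from "fixing" it. The same pattern appears in `RouteHandlerContainer.qll`, where `result` is passed as the argument in `container.getRouteHandler(result)` and the former parameter name `access` is lost. A short QLDoc saying what the result represents would help there too.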
@@ -10,9 +10,7 @@ query predicate abseval( query predicate abstractValues(AbstractValue val) { any() } -query predicate getAPrototype(AbstractValue av, DefiniteAbstractValue proto) { - av.getAPrototype() = proto -} +query DefiniteAbstractValue getAPrototype(AbstractValue av) { result = av.getAPrototype() } private import semmle.javascript.dataflow.Refinements diff --git a/javascript/ql/test/library-tests/NPM/tests.ql b/javascript/ql/test/library-tests/NPM/tests.ql index 2f92f9b41b08..89d707ac8bf7 100644 --- a/javascript/ql/test/library-tests/NPM/tests.ql +++ b/javascript/ql/test/library-tests/NPM/tests.ql @@ -19,9 +19,9 @@ query predicate npm(PackageJson pkg, string name, string version) { version = pkg.getVersion() } -query predicate getMainModule(PackageJson pkg, string name, Module mod) { +query Module getMainModule(PackageJson pkg, string name) { name = pkg.getPackageName() and - mod = pkg.getMainModule() + result = pkg.getMainModule() } query predicate packageJson(PackageJson json) { any() } diff --git a/javascript/ql/test/library-tests/TypeScript/Types/tests.ql b/javascript/ql/test/library-tests/TypeScript/Types/tests.ql index dad3934113e3..cfffc64db0af 100644 --- a/javascript/ql/test/library-tests/TypeScript/Types/tests.ql +++ b/javascript/ql/test/library-tests/TypeScript/Types/tests.ql 
@@ -3,11 +3,11 @@ import javascript // Ensure `true | false` and `false | true` are not distinct boolean types. query predicate booleans(BooleanType t) { any() } -query predicate getExprType(Expr expr, Type type) { type = expr.getType() } +query Type getExprType(Expr expr) { result = expr.getType() } -query predicate getTypeDefinitionType(TypeDefinition def, Type type) { type = def.getType() } +query Type getTypeDefinitionType(TypeDefinition def) { result = def.getType() } -query predicate getTypeExprType(TypeExpr e, Type type) { e.getType() = type } +query Type getTypeExprType(TypeExpr e) { result = e.getType() } query predicate missingToString(Type typ, string msg) { not exists(typ.toString()) and diff --git a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerContainer.qll b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerContainer.qll index 994e8a318e2b..e9b5045ba72e 100644 --- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerContainer.qll +++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerContainer.qll @@ -1,8 +1,7 @@ import javascript -query predicate getRouteHandlerContainerStep( - Http::RouteHandlerCandidateContainer container, DataFlow::SourceNode handler, - DataFlow::SourceNode access +query DataFlow::SourceNode getRouteHandlerContainerStep( + Http::RouteHandlerCandidateContainer container, DataFlow::SourceNode handler ) { - handler = container.getRouteHandler(access) + handler = container.getRouteHandler(result) } diff --git a/javascript/ql/test/library-tests/variables/tests.ql b/javascript/ql/test/library-tests/variables/tests.ql index 40b948050aee..a52938ed527d 100644 --- a/javascript/ql/test/library-tests/variables/tests.ql +++ b/javascript/ql/test/library-tests/variables/tests.ql 
@@ -4,11 +4,9 @@ query predicate capture(LocalVariable var, string name, VarDecl decl) { var.getADeclaration() = decl and name = var.getName() } -query predicate getAnAssignedExpr(Variable v, Expr e) { e = v.getAnAssignedExpr() } +query Expr getAnAssignedExpr(Variable v) { result = v.getAnAssignedExpr() } -query predicate getDeclaringContainer(LocalVariable v, StmtContainer container) { - container = v.getDeclaringContainer() -} +query StmtContainer getDeclaringContainer(LocalVariable v) { result = v.getDeclaringContainer() } query predicate varBindings(VarAccess va, VarDecl decl) { decl = va.getVariable().getADeclaration()