Merge pull request github#2 from max-schaefer/reintroduce-type-defs

erik-krogh · web-flow · commit c6ac6d49bc72 · 2021-03-23T10:19:27.000+01:00
Reintroduce type definitions to API graphs
diff --git a/javascript/ql/src/semmle/javascript/ApiGraphs.qll b/javascript/ql/src/semmle/javascript/ApiGraphs.qll
@@ -313,7 +313,7 @@ module API {
   module Node {
     /** Gets a node whose type has the given qualified name. */
     Node ofType(string moduleName, string exportedName) {
-      result = Impl::MkHasUnderlyingType(moduleName, exportedName).(Node).getInstance()
+      result = Impl::MkTypeUse(moduleName, exportedName).(Node).getInstance()
     }
   }
 
@@ -374,28 +374,31 @@ module API {
             exists(SSA::implicitInit([nm.getModuleVariable(), nm.getExportsVariable()]))
           )
         )
+        or
+        any(TypeDefinition td).getTypeName().hasQualifiedName(m, _)
       } or
       MkModuleImport(string m) {
         imports(_, m)
         or
         any(TypeAnnotation n).hasQualifiedName(m, _)
         or
-        any(Type t).hasUnderlyingType(m, _)
+        any(DataFlow::Node n).hasUnderlyingType(m, _)
       } or
       MkClassInstance(DataFlow::ClassNode cls) { cls = trackDefNode(_) and hasSemantics(cls) } or
       MkAsyncFuncResult(DataFlow::FunctionNode f) {
         f = trackDefNode(_) and f.getFunction().isAsync() and hasSemantics(f)
       } or
       MkDef(DataFlow::Node nd) { rhs(_, _, nd) } or
       MkUse(DataFlow::Node nd) { use(_, _, nd) } or
-      /**
-       * A TypeScript type, identified by name of the type-annotation.
-       * This API node is exclusively used by `API::Node::ofType`.
-       */
-      MkHasUnderlyingType(string moduleName, string exportName) {
+      /** A definition of a TypeScript type. */
+      MkTypeDef(string moduleName, string exportName) {
+        exists(TypeDefinition td | td.getTypeName().hasQualifiedName(moduleName, exportName))
+      } or
+      /** A use of a TypeScript type. */
+      MkTypeUse(string moduleName, string exportName) {
         any(TypeAnnotation n).hasQualifiedName(moduleName, exportName)
         or
-        any(Type t).hasUnderlyingType(moduleName, exportName)
+        exists(DataFlow::Node nd | nd.hasUnderlyingType(moduleName, exportName))
       } or
       MkSyntheticCallbackArg(DataFlow::Node src, int bound, DataFlow::InvokeNode nd) {
         trackUseNode(src, true, bound).flowsTo(nd.getCalleeNode())
@@ -404,9 +407,10 @@ module API {
     class TDef = MkModuleDef or TNonModuleDef;
 
     class TNonModuleDef =
-      MkModuleExport or MkClassInstance or MkAsyncFuncResult or MkDef or MkSyntheticCallbackArg;
+      MkModuleExport or MkClassInstance or MkAsyncFuncResult or MkDef or MkTypeDef or
+          MkSyntheticCallbackArg;
 
-    class TUse = MkModuleUse or MkModuleImport or MkUse or MkHasUnderlyingType;
+    class TUse = MkModuleUse or MkModuleImport or MkUse or MkTypeUse;
 
     private predicate hasSemantics(DataFlow::Node nd) { not nd.getTopLevel().isExterns() }
 
@@ -584,7 +588,7 @@ module API {
         )
         or
         exists(string moduleName, string exportName |
-          base = MkHasUnderlyingType(moduleName, exportName) and
+          base = MkTypeUse(moduleName, exportName) and
           lbl = Label::instance() and
           ref.(DataFlow::SourceNode).hasUnderlyingType(moduleName, exportName)
         )
@@ -821,9 +825,13 @@ module API {
       )
       or
       exists(string moduleName, string exportName |
+        pred = MkModuleExport(moduleName) and
+        lbl = Label::member(exportName) and
+        succ = MkTypeDef(moduleName, exportName)
+        or
         pred = MkModuleImport(moduleName) and
         lbl = Label::member(exportName) and
-        succ = MkHasUnderlyingType(moduleName, exportName)
+        succ = MkTypeUse(moduleName, exportName)
       )
       or
       exists(DataFlow::Node nd, DataFlow::FunctionNode f |
diff --git a/javascript/ql/test/ApiGraphs/typescript-test/ApiGraph.expected b/javascript/ql/test/ApiGraphs/typescript-test/ApiGraph.expected
@@ -0,0 +1,19 @@
+#-----| root
+#-----| module mongoose -> use (module mongoose)
+#-----| module typescript-test -> def (module typescript-test)
+
+#-----| def (module typescript-test)
+#-----| member exports -> def (member exports (module typescript-test))
+
+#-----| use (module mongoose)
+#-----| member exports -> use (member exports (module mongoose))
+
+#-----| def (member exports (module typescript-test))
+#-----| member Sized -> def (member Sized (member exports (module typescript-test)))
+
+#-----| use (member exports (module mongoose))
+#-----| member Model -> use (member Model (member exports (module mongoose)))
+
+#-----| def (member Sized (member exports (module typescript-test)))
+
+#-----| use (member Model (member exports (module mongoose)))
diff --git a/javascript/ql/test/ApiGraphs/typescript-test/ApiGraph.ql b/javascript/ql/test/ApiGraphs/typescript-test/ApiGraph.ql
@@ -0,0 +1,61 @@
+/**
+ * @name API graph
+ * @description Shows the API graph of a code base.
+ * @kind graph
+ * @id js/api-graph
+ */
+
+import javascript
+
+/** Gets a string representation of the location information for `nd`. */
+string locationString(API::Node nd) {
+  exists(string fp, int sl, int sc, int el, int ec | nd.hasLocationInfo(fp, sl, sc, el, ec) |
+    result = fp + ":" + sl + ":" + sc + ":" + el + ":" + ec
+  )
+}
+
+/**
+ * Gets the rank of node `nd` among all nodes ordered by depth, string representation,
+ * and location.
+ */
+int nodeRank(API::Node nd) {
+  nd =
+    rank[result + 1](API::Node nd2 |
+      |
+      nd2 order by nd2.getDepth(), nd2.toString(), locationString(nd2)
+    )
+}
+
+/**
+ * Gets the rank of `lbl` among all labels on outgoing edges of `pred`, ordered alphabetically.
+ */
+int labelRank(API::Node pred, string lbl, API::Node succ) {
+  lbl + "->" + nodeRank(succ) =
+    rank[result + 1](string l, API::Node s |
+      s = pred.getASuccessor(l)
+      or
+      pred.refersTo(s) and l = ""
+    |
+      l + "->" + nodeRank(s)
+    )
+}
+
+query predicate nodes(API::Node f, string key, string value) {
+  key = "semmle.order" and
+  value = nodeRank(f).toString()
+}
+
+query predicate edges(API::Node pred, API::Node succ, string key, string value) {
+  exists(string lbl |
+    succ = pred.getASuccessor(lbl)
+    or
+    pred.refersTo(succ) and
+    lbl = ""
+  |
+    key = "semmle.label" and
+    value = lbl
+    or
+    key = "semmle.order" and
+    value = labelRank(pred, lbl, succ).toString()
+  )
+}
diff --git a/javascript/ql/test/ApiGraphs/typescript-test/index.ts b/javascript/ql/test/ApiGraphs/typescript-test/index.ts
@@ -0,0 +1,6 @@
+export interface Sized {
+  getSize(): number;
+}
+
+import * as mongoose from "mongoose";
+var myModel : mongoose.Model;
diff --git a/javascript/ql/test/ApiGraphs/typescript-test/package.json b/javascript/ql/test/ApiGraphs/typescript-test/package.json
@@ -0,0 +1,6 @@
+{
+    "name": "typescript-test",
+    "dependencies": {
+        "mongoose": "*"
+    }
+}
diff --git a/javascript/ql/test/ApiGraphs/typescript-test/tsconfig.json b/javascript/ql/test/ApiGraphs/typescript-test/tsconfig.json
@@ -0,0 +1,6 @@
+{
+  "include": ["."],
+  "compilerOptions": {
+    "esModuleInterop": true
+  }
+}
