Merge pull request #9821 from erik-krogh/jsQlFix

esbena · web-flow · commit 0c6f28014c71 · 2022-08-09T22:06:29.000+02:00
JS: fix some QL-for-QL warnings in JS
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
@@ -188,10 +188,10 @@ module FlowFromSource {
 
     Query getQuery() { result = q }
 
-    /** The sinks are the endpoints we're extracting. */
+    /** Holds if `sink` is an endpoint we're extracting. */
     override predicate isSink(DataFlow::Node sink) { sink = getAnEndpoint(q) }
 
-    /** The sinks are the endpoints we're extracting. */
+    /** Holds if `sink` is an endpoint we're extracting. */
     override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
       sink = getAnEndpoint(q) and exists(lbl)
     }
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/CallGraphs.qll
@@ -190,7 +190,7 @@ module CallGraph {
   }
 
   /**
-   * Holds if `ref` installs an accessor on an object. Such property writes should not
+   * Holds if `write` installs an accessor on an object. Such property writes should not
    * be considered calls to an accessor.
    */
   pragma[nomagic]
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PropertyTypeInference.qll
@@ -10,7 +10,7 @@ private import AbstractPropertiesImpl
 private import AbstractValuesImpl
 
 /**
- * Flow analysis for property reads, either explicitly (`x.p` or `x[e]`) or
+ * An analyzed property read, either explicitly (`x.p` or `x[e]`) or
  * implicitly.
  */
 abstract class AnalyzedPropertyRead extends DataFlow::AnalyzedNode {
@@ -86,7 +86,7 @@ pragma[noinline]
 private predicate isTrackedPropertyName(string prop) { exists(MkAbstractProperty(_, prop)) }
 
 /**
- * Flow analysis for property writes, including exports (which are
+ * An analyzed property write, including exports (which are
  * modeled as assignments to `module.exports`).
  */
 abstract class AnalyzedPropertyWrite extends DataFlow::Node {
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
@@ -92,10 +92,10 @@ abstract private class HtmlAttributeAsNgSourceProvider extends NgSourceProvider,
     endColumn = startColumn + src.length() - 1
   }
 
-  /** The source code of the expression. */
+  /** Gets the source code of the expression. */
   abstract string getSource();
 
-  /** The offset into the attribute where the expression starts. */
+  /** Gets the offset into the attribute where the expression starts. */
   abstract int getOffset();
 
   override DOM::ElementDefinition getEnclosingElement() { result = this.getElement() }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Handlebars.qll b/javascript/ql/lib/semmle/javascript/frameworks/Handlebars.qll
@@ -61,13 +61,13 @@ private module HandlebarsTaintSteps {
    * the `FunctionNode` representing `function loudHelper`, and return its parameter `text`.
    */
   private DataFlow::ParameterNode getRegisteredHelperParam(
-    string helperName, DataFlow::FunctionNode helperFunction, int paramIndex
+    string helperName, DataFlow::FunctionNode func, int paramIndex
   ) {
     exists(DataFlow::CallNode registerHelperCall |
       registerHelperCall = any(Handlebars::Handlebars hb).getAMemberCall("registerHelper") and
       registerHelperCall.getArgument(0).mayHaveStringValue(helperName) and
-      helperFunction = registerHelperCall.getArgument(1).getAFunctionValue() and
-      result = helperFunction.getParameter(paramIndex)
+      func = registerHelperCall.getArgument(1).getAFunctionValue() and
+      result = func.getParameter(paramIndex)
     )
   }
 
@@ -132,15 +132,15 @@ private module HandlebarsTaintSteps {
   private predicate isHandlebarsArgStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(
       string helperName, DataFlow::CallNode templatingCall, DataFlow::CallNode compileCall,
-      DataFlow::FunctionNode helperFunction
+      DataFlow::FunctionNode func
     |
       templatingCall = compiledTemplate(compileCall).getACall() and
       exists(string templateText, string paramName, int argIdx |
         compileCall.getArgument(0).mayHaveStringValue(templateText)
       |
         pred = templatingCall.getArgument(0).getALocalSource().getAPropertyWrite(paramName).getRhs() and
         isTemplateHelperCallArg(templateText, helperName, argIdx, paramName) and
-        succ = getRegisteredHelperParam(helperName, helperFunction, argIdx)
+        succ = getRegisteredHelperParam(helperName, func, argIdx)
       )
     )
   }
diff --git a/javascript/ql/src/Expressions/CompareIdenticalValues.ql b/javascript/ql/src/Expressions/CompareIdenticalValues.ql
@@ -38,7 +38,7 @@ predicate accessWithConversions(Expr e, Variable v) {
 }
 
 /**
- * A comment containing the word "NaN".
+ * Holds if `c` is a comment containing the word "NaN".
  */
 predicate isNaNComment(Comment c, string filePath, int startLine) {
   c.getText().matches("%NaN%") and
diff --git a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
@@ -76,7 +76,7 @@ Folder getAPackageJsonFolder() { result = any(PackageJson json).getFile().getPar
  * the current working folder, or the root folder.
  * All of these might cause information to be leaked.
  *
- * For the first case it is assumed that the presence of a `package.json` file means that a `node_modules` folder can also exist.
+ * For the first case it is assumed that the presence of a `package.json` file means that a "node_modules" folder can also exist.
  *
  * For the root/home/working folder, they contain so much information that they must leak information somehow (e.g. ssh keys in the `~/.ssh` folder).
  */
diff --git a/ql/ql/src/queries/style/MissingParameterInQlDoc.ql b/ql/ql/src/queries/style/MissingParameterInQlDoc.ql
@@ -46,7 +46,7 @@ private string getAMentionedNonParameter(Predicate p) {
   not result =
     [
       "true", "false", "NaN", "this", "forall", "exists", "null", "break", "return", "not", "if",
-      "then", "else", "import"
+      "then", "else", "import", "async"
     ] and
   not result = any(Aggregate a).getKind() and // min, max, sum, count, etc.
   not result = getMentionedThings(p.getLocation().getFile()) and

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ module CallGraph {`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`/**`
`193`		- * Holds if `ref` installs an accessor on an object. Such property writes should not
	`193`	+ * Holds if `write` installs an accessor on an object. Such property writes should not
`194`	`194`	`* be considered calls to an accessor.`
`195`	`195`	`*/`
`196`	`196`	`pragma[nomagic]`
Original file line number	Diff line number	Diff line change
`@@ -61,13 +61,13 @@ private module HandlebarsTaintSteps {`
`61`	`61`	* the `FunctionNode` representing `function loudHelper`, and return its parameter `text`.
`62`	`62`	`*/`
`63`	`63`	`private DataFlow::ParameterNode getRegisteredHelperParam(`
`64`		`- string helperName, DataFlow::FunctionNode helperFunction, int paramIndex`
	`64`	`+ string helperName, DataFlow::FunctionNode func, int paramIndex`
`65`	`65`	`) {`
`66`	`66`	`exists(DataFlow::CallNode registerHelperCall \|`
`67`	`67`	`registerHelperCall = any(Handlebars::Handlebars hb).getAMemberCall("registerHelper") and`
`68`	`68`	`registerHelperCall.getArgument(0).mayHaveStringValue(helperName) and`
`69`		`- helperFunction = registerHelperCall.getArgument(1).getAFunctionValue() and`
`70`		`- result = helperFunction.getParameter(paramIndex)`
	`69`	`+ func = registerHelperCall.getArgument(1).getAFunctionValue() and`
	`70`	`+ result = func.getParameter(paramIndex)`
`71`	`71`	`)`
`72`	`72`	`}`
`73`	`73`
`@@ -132,15 +132,15 @@ private module HandlebarsTaintSteps {`
`132`	`132`	`private predicate isHandlebarsArgStep(DataFlow::Node pred, DataFlow::Node succ) {`
`133`	`133`	`exists(`
`134`	`134`	`string helperName, DataFlow::CallNode templatingCall, DataFlow::CallNode compileCall,`
`135`		`- DataFlow::FunctionNode helperFunction`
	`135`	`+ DataFlow::FunctionNode func`
`136`	`136`	`\|`
`137`	`137`	`templatingCall = compiledTemplate(compileCall).getACall() and`
`138`	`138`	`exists(string templateText, string paramName, int argIdx \|`
`139`	`139`	`compileCall.getArgument(0).mayHaveStringValue(templateText)`
`140`	`140`	`\|`
`141`	`141`	`pred = templatingCall.getArgument(0).getALocalSource().getAPropertyWrite(paramName).getRhs() and`
`142`	`142`	`isTemplateHelperCallArg(templateText, helperName, argIdx, paramName) and`
`143`		`- succ = getRegisteredHelperParam(helperName, helperFunction, argIdx)`
	`143`	`+ succ = getRegisteredHelperParam(helperName, func, argIdx)`
`144`	`144`	`)`
`145`	`145`	`)`
`146`	`146`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ predicate accessWithConversions(Expr e, Variable v) {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`/**`
`41`		`- * A comment containing the word "NaN".`
	`41`	+ * Holds if `c` is a comment containing the word "NaN".
`42`	`42`	`*/`
`43`	`43`	`predicate isNaNComment(Comment c, string filePath, int startLine) {`
`44`	`44`	`c.getText().matches("%NaN%") and`
Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ Folder getAPackageJsonFolder() { result = any(PackageJson json).getFile().getPar`
`76`	`76`	`* the current working folder, or the root folder.`
`77`	`77`	`* All of these might cause information to be leaked.`
`78`	`78`	`*`
`79`		- * For the first case it is assumed that the presence of a `package.json` file means that a `node_modules` folder can also exist.
	`79`	+ * For the first case it is assumed that the presence of a `package.json` file means that a "node_modules" folder can also exist.
`80`	`80`	`*`
`81`	`81`	* For the root/home/working folder, they contain so much information that they must leak information somehow (e.g. ssh keys in the `~/.ssh` folder).
`82`	`82`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ private string getAMentionedNonParameter(Predicate p) {`
`46`	`46`	`not result =`
`47`	`47`	`[`
`48`	`48`	`"true", "false", "NaN", "this", "forall", "exists", "null", "break", "return", "not", "if",`
`49`		`- "then", "else", "import"`
	`49`	`+ "then", "else", "import", "async"`
`50`	`50`	`] and`
`51`	`51`	`not result = any(Aggregate a).getKind() and // min, max, sum, count, etc.`
`52`	`52`	`not result = getMentionedThings(p.getLocation().getFile()) and`