rename getASourceUse to getAReference

erik-krogh · erik-krogh · commit 1596436f7e52 · 2020-09-29T18:23:10.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/ApiGraphs.qll b/javascript/ql/src/semmle/javascript/ApiGraphs.qll
@@ -21,30 +21,29 @@ module API {
    */
   class Node extends Impl::TApiNode {
     /**
-     * Gets a data-flow node corresponding to a use of the API component represented by this node.
+     * Gets a `SourceNode` corresponding to a use of the API component represented by this node.
      *
      * For example, `require('fs').readFileSync` is a use of the function `readFileSync` from the
      * `fs` module, and `require('fs').readFileSync(file)` is a use of the result of that function.
      *
      * As another example, in the assignment `exports.plusOne = (x) => x+1` the two references to
      * `x` are uses of the first parameter of `plusOne`.
+     *
+     * Note: The result from this predicate is always a `DataFlow::SourceǸode`, use `getAUse()` if
+     * you want to follow purely local data-flow and get all `DataFlow::Node`s that corrospond to a
+     * use of this API node.
      */
-    DataFlow::Node getAUse() {
-      exists(DataFlow::SourceNode src | Impl::use(this, src) |
-        Impl::trackUseNode(src).flowsTo(result)
-      )
+    DataFlow::SourceNode getAReference() {
+      exists(DataFlow::SourceNode src | Impl::use(this, src) | result = Impl::trackUseNode(src))
     }
 
     /**
-     * Gets a source-node corresponding to a use of the API component represented by this node.
-     *
-     * For example, `require('fs').readFileSync` is a use of the function `readFileSync` from the
-     * `fs` module, and `require('fs').readFileSync(file)` is a use of the result of that function.
+     * Gets a data-flow node corresponding to a use of the API component represented by this node.
      *
-     * As another example, in the assignment `exports.plusOne = (x) => x+1` the two references to
-     * `x` are uses of the first parameter of `plusOne`.
+     * This predicate is similar to `getAReference`, except this prediate also follows purely local
+     * data-flow.
      */
-    DataFlow::SourceNode getASourceUse() { Impl::use(this, result) }
+    DataFlow::Node getAUse() { getAReference().flowsTo(result) }
 
     /**
      * Gets a data-flow node corresponding to the right-hand side of a definition of the API
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -54,7 +54,7 @@ private module MySql {
   private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
     QueryCall() {
       exists(API::Node recv | recv = createPool() or recv = connection() |
-        this = recv.getMember("query").getASourceUse().getACall()
+        this = recv.getMember("query").getAReference().getACall()
       )
     }
 
@@ -72,7 +72,7 @@ private module MySql {
       this =
         [mysql(), createPool(), connection()]
             .getMember(["escape", "escapeId"])
-            .getASourceUse()
+            .getAReference()
             .getACall()
             .asExpr() and
       input = this.getArgument(0) and
@@ -132,7 +132,7 @@ private module Postgres {
 
   /** A call to the Postgres `query` method. */
   private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = [client(), newPool()].getMember("query").getASourceUse().getACall() }
+    QueryCall() { this = [client(), newPool()].getMember("query").getAReference().getACall() }
 
     override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
   }
@@ -190,7 +190,7 @@ private module Sqlite {
         meth = "prepare" or
         meth = "run"
       |
-        this = newDb().getMember(meth).getASourceUse().getACall()
+        this = newDb().getMember(meth).getAReference().getACall()
       )
     }
 
@@ -234,7 +234,7 @@ private module MsSql {
 
   /** A call to a MsSql query method. */
   private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = request().getMember(["query", "batch"]).getASourceUse().getACall() }
+    QueryCall() { this = request().getMember(["query", "batch"]).getAReference().getACall() }
 
     override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
   }
@@ -293,7 +293,7 @@ private module Sequelize {
 
   /** A call to `Sequelize.query`. */
   private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = newSequelize().getMember("query").getASourceUse().getACall() }
+    QueryCall() { this = newSequelize().getMember("query").getAReference().getACall() }
 
     override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
   }
@@ -312,7 +312,7 @@ private module Sequelize {
 
     Credentials() {
       exists(NewExpr ne, string prop |
-        ne = sequelize().getASourceUse().getAnInstantiation().asExpr() and
+        ne = sequelize().getAReference().getAnInstantiation().asExpr() and
         (
           this = ne.getArgument(1) and prop = "username"
           or
@@ -393,7 +393,7 @@ private module Spanner {
       this =
         database()
             .getMember(["run", "runPartitionedUpdate", "runStream"])
-            .getASourceUse()
+            .getAReference()
             .getACall()
     }
   }
@@ -403,7 +403,7 @@ private module Spanner {
    */
   class TransactionRunCall extends SqlExecution {
     TransactionRunCall() {
-      this = transaction().getMember(["run", "runStream", "runUpdate"]).getASourceUse().getACall()
+      this = transaction().getMember(["run", "runStream", "runUpdate"]).getAReference().getACall()
     }
   }
 
@@ -415,7 +415,7 @@ private module Spanner {
       this =
         v1SpannerClient()
             .getMember(["executeSql", "executeStreamingSql"])
-            .getASourceUse()
+            .getAReference()
             .getACall()
     }
 

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ private module MySql {`
`54`	`54`	`private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {`
`55`	`55`	`QueryCall() {`
`56`	`56`	`exists(API::Node recv \| recv = createPool() or recv = connection() \|`
`57`		`- this = recv.getMember("query").getASourceUse().getACall()`
	`57`	`+ this = recv.getMember("query").getAReference().getACall()`
`58`	`58`	`)`
`59`	`59`	`}`
`60`	`60`
`@@ -72,7 +72,7 @@ private module MySql {`
`72`	`72`	`this =`
`73`	`73`	`[mysql(), createPool(), connection()]`
`74`	`74`	`.getMember(["escape", "escapeId"])`
`75`		`- .getASourceUse()`
	`75`	`+ .getAReference()`
`76`	`76`	`.getACall()`
`77`	`77`	`.asExpr() and`
`78`	`78`	`input = this.getArgument(0) and`
`@@ -132,7 +132,7 @@ private module Postgres {`
`132`	`132`
`133`	`133`	/** A call to the Postgres `query` method. */
`134`	`134`	`private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {`
`135`		`- QueryCall() { this = [client(), newPool()].getMember("query").getASourceUse().getACall() }`
	`135`	`+ QueryCall() { this = [client(), newPool()].getMember("query").getAReference().getACall() }`
`136`	`136`
`137`	`137`	`override DataFlow::Node getAQueryArgument() { result = getArgument(0) }`
`138`	`138`	`}`
`@@ -190,7 +190,7 @@ private module Sqlite {`
`190`	`190`	`meth = "prepare" or`
`191`	`191`	`meth = "run"`
`192`	`192`	`\|`
`193`		`- this = newDb().getMember(meth).getASourceUse().getACall()`
	`193`	`+ this = newDb().getMember(meth).getAReference().getACall()`
`194`	`194`	`)`
`195`	`195`	`}`
`196`	`196`
`@@ -234,7 +234,7 @@ private module MsSql {`
`234`	`234`
`235`	`235`	`/** A call to a MsSql query method. */`
`236`	`236`	`private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {`
`237`		`- QueryCall() { this = request().getMember(["query", "batch"]).getASourceUse().getACall() }`
	`237`	`+ QueryCall() { this = request().getMember(["query", "batch"]).getAReference().getACall() }`
`238`	`238`
`239`	`239`	`override DataFlow::Node getAQueryArgument() { result = getArgument(0) }`
`240`	`240`	`}`
`@@ -293,7 +293,7 @@ private module Sequelize {`
`293`	`293`
`294`	`294`	/** A call to `Sequelize.query`. */
`295`	`295`	`private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {`
`296`		`- QueryCall() { this = newSequelize().getMember("query").getASourceUse().getACall() }`
	`296`	`+ QueryCall() { this = newSequelize().getMember("query").getAReference().getACall() }`
`297`	`297`
`298`	`298`	`override DataFlow::Node getAQueryArgument() { result = getArgument(0) }`
`299`	`299`	`}`
`@@ -312,7 +312,7 @@ private module Sequelize {`
`312`	`312`
`313`	`313`	`Credentials() {`
`314`	`314`	`exists(NewExpr ne, string prop \|`
`315`		`- ne = sequelize().getASourceUse().getAnInstantiation().asExpr() and`
	`315`	`+ ne = sequelize().getAReference().getAnInstantiation().asExpr() and`
`316`	`316`	`(`
`317`	`317`	`this = ne.getArgument(1) and prop = "username"`
`318`	`318`	`or`
`@@ -393,7 +393,7 @@ private module Spanner {`
`393`	`393`	`this =`
`394`	`394`	`database()`
`395`	`395`	`.getMember(["run", "runPartitionedUpdate", "runStream"])`
`396`		`- .getASourceUse()`
	`396`	`+ .getAReference()`
`397`	`397`	`.getACall()`
`398`	`398`	`}`
`399`	`399`	`}`
`@@ -403,7 +403,7 @@ private module Spanner {`
`403`	`403`	`*/`
`404`	`404`	`class TransactionRunCall extends SqlExecution {`
`405`	`405`	`TransactionRunCall() {`
`406`		`- this = transaction().getMember(["run", "runStream", "runUpdate"]).getASourceUse().getACall()`
	`406`	`+ this = transaction().getMember(["run", "runStream", "runUpdate"]).getAReference().getACall()`
`407`	`407`	`}`
`408`	`408`	`}`
`409`	`409`
`@@ -415,7 +415,7 @@ private module Spanner {`
`415`	`415`	`this =`
`416`	`416`	`v1SpannerClient()`
`417`	`417`	`.getMember(["executeSql", "executeStreamingSql"])`
`418`		`- .getASourceUse()`
	`418`	`+ .getAReference()`
`419`	`419`	`.getACall()`
`420`	`420`	`}`
`421`	`421`