the js/use-of-returnless-function query now support multiple callees

erik-krogh · erik-krogh · commit 1bbe1ecdbaf6 · 2019-10-08T11:54:57.000+02:00
diff --git a/javascript/ql/src/Statements/UseOfReturnlessFunction.ql b/javascript/ql/src/Statements/UseOfReturnlessFunction.ql
@@ -98,17 +98,15 @@ predicate callBlacklist(DataFlow::CallNode call) {
   exists(MethodCallExpr e | e.getCalleeName() = "resolve" and call.asExpr() = e.getArgument(0))
 }
 
-from Function f, DataFlow::CallNode call
+from DataFlow::CallNode call
 where
   // Intentionally only considering very precise callee information. It makes almost no difference.
-  f = call.getACallee(0) and
-  count(call.getACallee(0)) = 1 and 
-  
-  not functionBlacklist(f) and
+  not call.isIndefinite(_) and 
+  forex(Function f | f = call.getACallee() | not functionBlacklist(f)) and
   
   exists(call.asExpr()) and // TODO: Need to figure out what to do about reflective calls.
   
   not callBlacklist(call)
 select
-  call, "the function $@ does not return anything, yet the return value is used.", f, call.getCalleeName()
+  call, "the function $@ does not return anything, yet the return value is used.", call.getACallee(), call.getCalleeName()
   
diff --git a/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/UseOfReturnlessFunction.expected b/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/UseOfReturnlessFunction.expected
@@ -1,3 +1,5 @@
 | tst.js:20:17:20:33 | onlySideEffects() | the function $@ does not return anything, yet the return value is used. | tst.js:11:5:13:5 | functio ... )\\n    } | onlySideEffects |
 | tst.js:24:13:24:29 | onlySideEffects() | the function $@ does not return anything, yet the return value is used. | tst.js:11:5:13:5 | functio ... )\\n    } | onlySideEffects |
 | tst.js:30:20:30:36 | onlySideEffects() | the function $@ does not return anything, yet the return value is used. | tst.js:11:5:13:5 | functio ... )\\n    } | onlySideEffects |
+| tst.js:53:10:53:34 | bothOnl ... fects() | the function $@ does not return anything, yet the return value is used. | tst.js:11:5:13:5 | functio ... )\\n    } | bothOnlyHaveSideEffects |
+| tst.js:53:10:53:34 | bothOnl ... fects() | the function $@ does not return anything, yet the return value is used. | tst.js:48:2:50:5 | functio ... )\\n    } | bothOnlyHaveSideEffects |
diff --git a/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js b/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
@@ -44,4 +44,16 @@
 	
 	var e = myObj.onlySideEffects.apply(this, arguments); // NOT OK!
 	console.log(e);
+	
+	function onlySideEffects2() {
+        console.log("Boo!")
+    }
+
+	var bothOnlyHaveSideEffects = Math.random() > 0.5 ? onlySideEffects : onlySideEffects2;
+	var f = bothOnlyHaveSideEffects(); // NOT OK!
+	console.log(f);
+	
+	var oneOfEach = Math.random() > 0.5 ? onlySideEffects : returnsValue;
+	var g = oneOfEach(); // OK
+	console.log(g);
 })();
