JS: Add closure string ops

asger-semmle · asger-semmle · commit 2bfb015218f9 · 2019-02-28T16:47:53.000Z
diff --git a/javascript/ql/src/semmle/javascript/StringOps.qll b/javascript/ql/src/semmle/javascript/StringOps.qll
@@ -112,14 +112,18 @@ module StringOps {
     }
 
     /**
-     * A call of form `_.startsWith(A, B)` or `ramda.startsWith(A, B)`.
+     * A call of form `_.startsWith(A, B)` or `ramda.startsWith(A, B)` or `goog.string.startsWith(A, B)`.
      */
     private class StartsWith_Library extends Range, DataFlow::CallNode {
       StartsWith_Library() {
         getNumArgument() = 2 and
         exists(DataFlow::SourceNode callee | this = callee.getACall() |
           callee = LodashUnderscore::member("startsWith") or
-          callee = DataFlow::moduleMember("ramda", "startsWith")
+          callee = DataFlow::moduleMember("ramda", "startsWith") or
+          exists(string name |
+            callee = Closure::moduleImport("goog.string." + name) and
+            (name = "startsWith" or name = "caseInsensitiveStartsWith")
+          )
         )
       }
 
@@ -250,6 +254,9 @@ module StringOps {
         exists(string name |
           this = LodashUnderscore::member(name).getACall() and
           (name = "includes" or name = "include" or name = "contains")
+          or
+          this = Closure::moduleImport("goog.string." + name).getACall() and
+          (name = "contains" or name = "caseInsensitiveContains")
         )
       }
 
@@ -416,7 +423,11 @@ module StringOps {
         getNumArgument() = 2 and
         exists(DataFlow::SourceNode callee | this = callee.getACall() |
           callee = LodashUnderscore::member("endsWith") or
-          callee = DataFlow::moduleMember("ramda", "endsWith")
+          callee = DataFlow::moduleMember("ramda", "endsWith") or
+          exists(string name |
+            callee = Closure::moduleImport("goog.string." + name) and
+            (name = "endsWith" or name = "caseInsensitiveEndsWith")
+          )
         )
       }
 

Original file line number	Diff line number	Diff line change
`@@ -112,14 +112,18 @@ module StringOps {`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`/**`
`115`		- * A call of form `_.startsWith(A, B)` or `ramda.startsWith(A, B)`.
	`115`	+ * A call of form `_.startsWith(A, B)` or `ramda.startsWith(A, B)` or `goog.string.startsWith(A, B)`.
`116`	`116`	`*/`
`117`	`117`	`private class StartsWith_Library extends Range, DataFlow::CallNode {`
`118`	`118`	`StartsWith_Library() {`
`119`	`119`	`getNumArgument() = 2 and`
`120`	`120`	`exists(DataFlow::SourceNode callee \| this = callee.getACall() \|`
`121`	`121`	`callee = LodashUnderscore::member("startsWith") or`
`122`		`- callee = DataFlow::moduleMember("ramda", "startsWith")`
	`122`	`+ callee = DataFlow::moduleMember("ramda", "startsWith") or`
	`123`	`+ exists(string name \|`
	`124`	`+ callee = Closure::moduleImport("goog.string." + name) and`
	`125`	`+ (name = "startsWith" or name = "caseInsensitiveStartsWith")`
	`126`	`+ )`
`123`	`127`	`)`
`124`	`128`	`}`
`125`	`129`
`@@ -250,6 +254,9 @@ module StringOps {`
`250`	`254`	`exists(string name \|`
`251`	`255`	`this = LodashUnderscore::member(name).getACall() and`
`252`	`256`	`(name = "includes" or name = "include" or name = "contains")`
	`257`	`+ or`
	`258`	`+ this = Closure::moduleImport("goog.string." + name).getACall() and`
	`259`	`+ (name = "contains" or name = "caseInsensitiveContains")`
`253`	`260`	`)`
`254`	`261`	`}`
`255`	`262`
`@@ -416,7 +423,11 @@ module StringOps {`
`416`	`423`	`getNumArgument() = 2 and`
`417`	`424`	`exists(DataFlow::SourceNode callee \| this = callee.getACall() \|`
`418`	`425`	`callee = LodashUnderscore::member("endsWith") or`
`419`		`- callee = DataFlow::moduleMember("ramda", "endsWith")`
	`426`	`+ callee = DataFlow::moduleMember("ramda", "endsWith") or`
	`427`	`+ exists(string name \|`
	`428`	`+ callee = Closure::moduleImport("goog.string." + name) and`
	`429`	`+ (name = "endsWith" or name = "caseInsensitiveEndsWith")`
	`430`	`+ )`
`420`	`431`	`)`
`421`	`432`	`}`
`422`	`433`