JavaScript: Connect up client and server sockets.

Max Schaefer · Max Schaefer · commit 36c9af977b63 · 2019-03-11T12:42:51.000Z
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll b/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
@@ -197,6 +197,12 @@ module SocketIO {
       result = getCallback(1).getLastParameter() and
       exists(result.getAnInvocation())
     }
+
+    /** Gets a client-side node that may be sending the data received here. */
+    SocketIOClient::SendNode getASender() {
+      result.getSocket().getATargetNamespace() = getSocket().getNamespace() and
+      not result.getEventName() != getEventName()
+    }
   }
 
   /**
@@ -273,6 +279,12 @@ module SocketIO {
       exists(getSocket()) and
       result = getLastArgument().getALocalSource()
     }
+
+    /** Gets a client-side node that may be receiving the data sent here. */
+    SocketIOClient::ReceiveNode getAReceiver() {
+      result.getSocket().getATargetNamespace() = getNamespace() and
+      not result.getEventName() != getEventName()
+    }
   }
 
   /** A socket.io server, identified by its creation site. */
@@ -300,6 +312,9 @@ module SocketIO {
     /** Gets the default namespace of this server. */
     NamespaceObject getDefaultNamespace() { result = MkNamespace(this, "/") }
 
+    /** Gets the namespace with the given path of this server. */
+    NamespaceObject getNamespace(string path) { result = MkNamespace(this, path) }
+
     /**
      * Holds if this server is created at the specified location.
      * The location spans column `startcolumn` of line `startline` to
@@ -375,6 +390,23 @@ module SocketIOClient {
       not exists(invk.getArgument(0)) and
       result = "/"
     }
+
+    /** Gets a server this socket may be communicating with. */
+    SocketIO::ServerObject getATargetServer() {
+      exists(NPMPackage pkg |
+        result.getOrigin().getFile() = pkg.getAFile() and
+        this.getFile() = pkg.getAFile() and
+        exists(result.getNamespace(getNamespacePath()))
+      )
+    }
+
+    /** Gets a namespace this socket may be communicating with. */
+    SocketIO::NamespaceObject getATargetNamespace() {
+      result = getATargetServer().getNamespace(getNamespacePath())
+    }
+
+    /** Gets a server-side socket this client-side socket may be communicating with. */
+    SocketIO::SocketNode getATargetSocket() { result.getNamespace() = getATargetNamespace() }
   }
 
   /**
@@ -407,6 +439,12 @@ module SocketIOClient {
       result = getCallback(1).getLastParameter() and
       exists(result.getAnInvocation())
     }
+
+    /** Gets a server-side node that may be sending the data received here. */
+    SocketIO::SendNode getASender() {
+      result.getNamespace() = getSocket().getATargetNamespace() and
+      not result.getEventName() != getEventName()
+    }
   }
 
   /**
@@ -459,6 +497,12 @@ module SocketIOClient {
 
     /** Gets the acknowledgment callback, if any. */
     DataFlow::FunctionNode getAck() { result = getLastArgument().getALocalSource() }
+
+    /** Gets a server-side node that may be receiving the data sent here. */
+    SocketIO::ReceiveNode getAReceiver() {
+      result.getSocket().getNamespace() = getSocket().getATargetNamespace() and
+      not result.getEventName() != getEventName()
+    }
   }
 }
 
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode.expected
@@ -1,3 +1,4 @@
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | client2.js:1:12:1:56 | require ... lhost") |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | client2.js:1:12:1:56 | require ... lhost") |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:1:12:1:56 | require ... lhost") |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | client2.js:2:13:2:85 | require ... v#abc") |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.expected
@@ -0,0 +1,17 @@
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:31:1:31:20 | ns.send('a message') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:39:1:39:31 | io.emit ... ssage') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:40:1:40:20 | io.send('a message') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:41:1:41:21 | io.writ ... ssage') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:54:3:54:43 | socket. ...  => {}) |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:30:1:30:28 | ns.emit ... event') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:31:1:31:20 | ns.send('a message') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:39:1:39:31 | io.emit ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:40:1:40:20 | io.send('a message') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:41:1:41:21 | io.writ ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:51:3:51:22 | socket.emit('event') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:54:3:54:43 | socket. ...  => {}) |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:30:1:30:28 | ns.emit ... event') |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:51:3:51:22 | socket.emit('event') |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | tst.js:32:1:32:22 | ns2.wri ... ssage') |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.ql b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIOClient::ReceiveNode rn
+select rn, rn.getASender()
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAck.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAck.expected
@@ -1 +1 @@
-| client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:10:21:10:22 | cb |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:10:22:10:23 | cb |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getEventName.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getEventName.expected
@@ -1,2 +1,3 @@
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | message |
-| client2.js:10:1:12:2 | sock.on ... d");\\n}) | data |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | event |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | message |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.expected
@@ -1,4 +1,5 @@
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 0 | client2.js:4:21:4:21 | x |
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 1 | client2.js:4:24:4:24 | y |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | 0 | client2.js:8:23:8:25 | msg |
-| client2.js:10:1:12:2 | sock.on ... d");\\n}) | 0 | client2.js:10:18:10:18 | x |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | 0 | client2.js:10:19:10:19 | x |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | 0 | client2.js:18:22:18:22 | x |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.expected
@@ -0,0 +1,4 @@
+| client2.js:14:1:14:32 | sock.em ... there") | tst.js:72:3:72:43 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:70:3:70:35 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:71:3:71:46 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:72:3:72:43 | socket. ...  => {}) |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.ql b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIOClient::SendNode sn
+select sn, sn.getAReceiver()
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSocketNode.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSocketNode.expected
@@ -1,5 +1,5 @@
 | client1.js:1:1:1:4 | io() | / |
 | client1.js:2:1:2:23 | io.conn ... sages") | /messages |
 | client2.js:1:12:1:56 | require ... lhost") | / |
-| client2.js:2:1:2:73 | require ... v#abc") | /foo/bar |
+| client2.js:2:13:2:85 | require ... v#abc") | /foo/bar |
 | client3.js:3:1:3:4 | io() | / |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.expected
@@ -1,11 +1,11 @@
 | tst.js:25:10:25:19 | io.sockets | socket.io namespace with path '/' |
-| tst.js:26:11:26:23 | io.of("/foo") | socket.io namespace with path '/foo' |
+| tst.js:26:11:26:27 | io.of("/foo/bar") | socket.io namespace with path '/foo/bar' |
 | tst.js:27:1:27:12 | ns.use(auth) | socket.io namespace with path '/' |
 | tst.js:28:1:28:11 | ns.to(room) | socket.io namespace with path '/' |
 | tst.js:29:1:29:11 | ns.in(room) | socket.io namespace with path '/' |
 | tst.js:30:1:30:28 | ns.emit ... event') | socket.io namespace with path '/' |
 | tst.js:31:1:31:20 | ns.send('a message') | socket.io namespace with path '/' |
-| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo/bar' |
 | tst.js:33:1:33:14 | ns.clients(cb) | socket.io namespace with path '/' |
 | tst.js:34:1:34:17 | ns.compress(true) | socket.io namespace with path '/' |
 | tst.js:35:1:35:16 | ns.binary(false) | socket.io namespace with path '/' |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceObject.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceObject.expected
@@ -1,4 +1,4 @@
 | socket.io namespace with path '/' | tst.js:1:12:1:33 | socket.io server | / |
 | socket.io namespace with path '/' | tst.js:4:13:4:24 | socket.io server | / |
 | socket.io namespace with path '/' | tst.js:6:13:6:27 | socket.io server | / |
-| socket.io namespace with path '/foo' | tst.js:1:12:1:33 | socket.io server | /foo |
+| socket.io namespace with path '/foo/bar' | tst.js:1:12:1:33 | socket.io server | /foo/bar |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.expected
@@ -0,0 +1,4 @@
+| tst.js:70:3:70:35 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:71:3:71:46 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
+| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.ql b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIO::ReceiveNode rn
+select rn, rn.getASender()
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.expected
@@ -1,6 +1,6 @@
 | tst.js:30:1:30:28 | ns.emit ... event') | socket.io namespace with path '/' |
 | tst.js:31:1:31:20 | ns.send('a message') | socket.io namespace with path '/' |
-| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo/bar' |
 | tst.js:39:1:39:31 | io.emit ... ssage') | socket.io namespace with path '/' |
 | tst.js:40:1:40:20 | io.send('a message') | socket.io namespace with path '/' |
 | tst.js:41:1:41:21 | io.writ ... ssage') | socket.io namespace with path '/' |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.expected
@@ -0,0 +1,17 @@
+| tst.js:30:1:30:28 | ns.emit ... event') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:30:1:30:28 | ns.emit ... event') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
+| tst.js:31:1:31:20 | ns.send('a message') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:31:1:31:20 | ns.send('a message') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | client2.js:18:1:20:2 | sock2.o ... (x);\\n}) |
+| tst.js:39:1:39:31 | io.emit ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:39:1:39:31 | io.emit ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:40:1:40:20 | io.send('a message') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:40:1:40:20 | io.send('a message') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:41:1:41:21 | io.writ ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:41:1:41:21 | io.writ ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:51:3:51:22 | socket.emit('event') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:51:3:51:22 | socket.emit('event') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
+| tst.js:54:3:54:43 | socket. ...  => {}) | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:54:3:54:43 | socket. ...  => {}) | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:55:3:55:27 | socket. ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:55:3:55:27 | socket. ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.ql b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIO::SendNode sn
+select sn, sn.getAReceiver()
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/client2.js b/javascript/ql/test/library-tests/frameworks/SocketIO/client2.js
@@ -1,16 +1,20 @@
 var sock = require("socket.io-client")("ws://localhost");
-require("socket.io-client").connect("http://example.com/foo/bar?q=v#abc");
+var sock2 = require("socket.io-client").connect("http://example.com/foo/bar?q=v#abc");
 
 sock.on('message', (x, y) => {
   console.log(x, y);
 })
 
 sock.on(eventName(), (msg) => {});
 
-sock.on('data', (x, cb) => {
+sock.on('event', (x, cb) => {
   cb("received");
 });
 
 sock.emit('data', "hi", "there");
 
 sock.write("do you copy?", () => {});
+
+sock2.on('message', (x) => {
+  console.log(x);
+});
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/package.json b/javascript/ql/test/library-tests/frameworks/SocketIO/package.json
@@ -0,0 +1,3 @@
+{
+  "name": "socket.io-tests"
+}
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js b/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js
@@ -23,7 +23,7 @@ io.origins();
 
 // SocketIO::NamespaceNodes:
 var ns = io.sockets;
-var ns2 = io.of("/foo");
+var ns2 = io.of("/foo/bar");
 ns.use(auth);
 ns.to(room);
 ns.in(room);

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-\| client2.js:10:1:12:2 \| sock.on ... d");\\n}) \| client2.js:10:21:10:22 \| cb \|`
	`1`	`+\| client2.js:10:1:12:2 \| sock.on ... d");\\n}) \| client2.js:10:22:10:23 \| cb \|`