JS: prepare DefensiveProgramming.qll for additions

Esben Sparre Andreasen · Esben Sparre Andreasen · commit a5eeba3c3a49 · 2018-11-13T08:19:38.000+01:00
diff --git a/javascript/ql/src/Statements/UselessConditional.ql b/javascript/ql/src/Statements/UselessConditional.ql
@@ -87,7 +87,7 @@ predicate isConstantBooleanReturnValue(Expr e) {
 predicate whitelist(Expr e) {
   isConstant(e) or
   isConstant(e.(LogNotExpr).getOperand()) or
-  e.flow() instanceof DefensiveInit or
+  e.flow() instanceof Internal::DefensiveInit or
   isInitialParameterUse(e) or
   isConstantBooleanReturnValue(e)
 }
diff --git a/javascript/ql/src/semmle/javascript/DefensiveProgramming.qll b/javascript/ql/src/semmle/javascript/DefensiveProgramming.qll
@@ -1,27 +1,49 @@
+/**
+ * Provides classes for working with defensive programming patterns.
+ */
+
 import javascript
+private import semmle.javascript.dataflow.InferredTypes
 
 /**
- * A defensive truthiness check that may be worth keeping, even if it
- * is strictly speaking useless.
- *
- * We currently recognize three patterns:
- *
- *   - the first `x` in `x || (x = e)`
- *   - the second `x` in `x = (x || e)`
- *   - the second `x` in `var x = x || e`
+ * The test in a defensive programming pattern.
  */
-class DefensiveInit extends DataFlow::ValueNode {
-  DefensiveInit() {
-    exists(VarAccess va, LogOrExpr o, VarRef va2 |
-      va = astNode and
-      va = o.getLeftOperand().stripParens() and va2.getVariable() = va.getVariable() |
-      exists(AssignExpr assgn | va2 = assgn.getTarget() |
-        assgn = o.getRightOperand().stripParens() or
-        o = assgn.getRhs().stripParens()
+abstract class DefensiveExpression extends DataFlow::ValueNode {
+  /** Gets the unique Boolean value that this test evaluates to, if any. */
+  abstract boolean getTheTestResult();
+}
+
+/**
+ * INTERNAL: Do not use directly; use `DefensiveExpression` instead.
+ */
+module Internal {
+  /**
+   * A defensive truthiness check that may be worth keeping, even if it
+   * is strictly speaking useless.
+   *
+   * We currently recognize three patterns:
+   *
+   *   - the first `x` in `x || (x = e)`
+   *   - the second `x` in `x = (x || e)`
+   *   - the second `x` in `var x = x || e`
+   */
+  class DefensiveInit extends DefensiveExpression {
+    DefensiveInit() {
+      exists(VarAccess va, LogOrExpr o, VarRef va2 |
+        va = astNode and
+        va = o.getLeftOperand().stripParens() and va2.getVariable() = va.getVariable() |
+        exists(AssignExpr assgn | va2 = assgn.getTarget() |
+          assgn = o.getRightOperand().stripParens() or
+          o = assgn.getRhs().stripParens()
+        )
+        or
+        exists(VariableDeclarator vd | va2 = vd.getBindingPattern() | o = vd.getInit().stripParens())
       )
-      or
-      exists(VariableDeclarator vd | va2 = vd.getBindingPattern() | o = vd.getInit().stripParens())
-    )
+    }
+
+    override boolean getTheTestResult() {
+      result = analyze().getTheBooleanValue()
+    }
   }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ predicate isConstantBooleanReturnValue(Expr e) {`
`87`	`87`	`predicate whitelist(Expr e) {`
`88`	`88`	`isConstant(e) or`
`89`	`89`	`isConstant(e.(LogNotExpr).getOperand()) or`
`90`		`- e.flow() instanceof DefensiveInit or`
	`90`	`+ e.flow() instanceof Internal::DefensiveInit or`
`91`	`91`	`isInitialParameterUse(e) or`
`92`	`92`	`isConstantBooleanReturnValue(e)`
`93`	`93`	`}`