JS: refactor DefaultUrlRequest: extract the axios library

Esben Sparre Andreasen · Esben Sparre Andreasen · commit b3b997ca9107 · 2018-09-04T09:26:45.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/UrlRequests.qll b/javascript/ql/src/semmle/javascript/frameworks/UrlRequests.qll
@@ -74,19 +74,6 @@ private class DefaultUrlRequest extends CustomUrlRequest {
         url = getArgument(0)
       )
       or
-      (
-        moduleName = "axios" and
-        (
-          callee = DataFlow::moduleImport(moduleName) or
-          callee = DataFlow::moduleMember(moduleName, httpMethodName()) or
-          callee = DataFlow::moduleMember(moduleName, "request")
-        ) and
-        (
-          url = getArgument(0) or
-          url = getOptionArgument([0..2], urlPropertyName()) // slightly over-approximate, in the name of simplicity
-        )
-      )
-      or
       (
         moduleName = "got" and
         (
@@ -154,4 +141,33 @@ private class RequestUrlRequest extends CustomUrlRequest {
     result = url
   }
 
-}
+}
+
+/**
+ * A model of a URL request in the `axios` library.
+ */
+private class AxiosUrlRequest extends CustomUrlRequest {
+
+  DataFlow::Node url;
+
+  AxiosUrlRequest() {
+    exists (string moduleName, DataFlow::SourceNode callee |
+      this = callee.getACall() |
+      moduleName = "axios" and
+      (
+        callee = DataFlow::moduleImport(moduleName) or
+        callee = DataFlow::moduleMember(moduleName, httpMethodName()) or
+        callee = DataFlow::moduleMember(moduleName, "request")
+      ) and
+      (
+        url = getArgument(0) or
+        url = getOptionArgument([0..2], urlPropertyName()) // slightly over-approximate, in the name of simplicity
+      )
+    )
+  }
+
+  override DataFlow::Node getUrl() {
+    result = url
+  }
+
+}
