JS: implement getADataNode for Electron::ClientRequest

Esben Sparre Andreasen · Esben Sparre Andreasen · commit c7fe96d4bdd0 · 2018-10-16T08:51:32.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -49,32 +49,14 @@ module Electron {
     }
 
   }
-  
-  /**
-   * A Node.js-style HTTP or HTTPS request made using `electron.net`, for example `net.request(url)`.
-   */
-  private class NetRequest extends CustomElectronClientRequest {
-    NetRequest() {
-      this = DataFlow::moduleMember("electron", "net").getAMemberCall("request")
-    }
-
-    override DataFlow::Node getUrl() {
-      result = getArgument(0) or
-      result = getOptionArgument(0, "url")
-    }
-
-    override DataFlow::Node getADataNode() {
-      none()
-    }
-
-  }
 
   /**
-   * A Node.js-style HTTP or HTTPS request made using `electron.client`, for example `new client(url)`.
+   * A Node.js-style HTTP or HTTPS request made using `electron.ClientRequest`.
    */
   private class NewClientRequest extends CustomElectronClientRequest {
     NewClientRequest() {
-      this = DataFlow::moduleMember("electron", "ClientRequest").getAnInstantiation()
+      this = DataFlow::moduleMember("electron", "ClientRequest").getAnInstantiation() or
+      this = DataFlow::moduleMember("electron", "net").getAMemberCall("request") // alias
     }
 
     override DataFlow::Node getUrl() {
@@ -83,7 +65,10 @@ module Electron {
     }
 
     override DataFlow::Node getADataNode() {
-      none()
+      exists (string name |
+        name = "write" or name = "end" |
+        result =this.(DataFlow::SourceNode).getAMethodCall(name).getArgument(0)
+      )
     }
 
   }
diff --git a/javascript/ql/test/library-tests/frameworks/Electron/ClientRequest_getADataNode.expected b/javascript/ql/test/library-tests/frameworks/Electron/ClientRequest_getADataNode.expected
@@ -0,0 +1,2 @@
+| electron.js:8:16:8:78 | new Cli ... POST'}) | electron.js:31:16:31:22 | 'stuff' |
+| electron.js:8:16:8:78 | new Cli ... POST'}) | electron.js:32:14:32:25 | 'more stuff' |
diff --git a/javascript/ql/test/library-tests/frameworks/Electron/ClientRequest_getADataNode.ql b/javascript/ql/test/library-tests/frameworks/Electron/ClientRequest_getADataNode.ql
@@ -0,0 +1,4 @@
+import javascript
+
+from Electron::ElectronClientRequest cr
+select cr, cr.getADataNode()

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| electron.js:8:16:8:78 \| new Cli ... POST'}) \| electron.js:31:16:31:22 \| 'stuff' \|`
	`2`	`+\| electron.js:8:16:8:78 \| new Cli ... POST'}) \| electron.js:32:14:32:25 \| 'more stuff' \|`