JS: implement getADataNode for GotUrlRequest

Esben Sparre Andreasen · Esben Sparre Andreasen · commit eef0b8c94d1a · 2018-10-16T08:51:32.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
@@ -193,26 +193,27 @@ private class FetchUrlRequest extends CustomClientRequest {
  */
 private class GotUrlRequest extends CustomClientRequest {
 
-  DataFlow::Node url;
-
   GotUrlRequest() {
     exists (string moduleName, DataFlow::SourceNode callee |
       this = callee.getACall() |
       moduleName = "got" and
       (
         callee = DataFlow::moduleImport(moduleName) or
         callee = DataFlow::moduleMember(moduleName, "stream")
-      ) and
-      url = getArgument(0) and not exists (getOptionArgument(1, "baseUrl"))
+      )
     )
   }
 
   override DataFlow::Node getUrl() {
-    result = url
+    result = getArgument(0) and
+    not exists (getOptionArgument(1, "baseUrl"))
   }
 
   override DataFlow::Node getADataNode() {
-    none()
+    exists (string name |
+      name = "headers" or name = "body" or name = "query" |
+      result = getOptionArgument(1, name)
+    )
   }
 
 }
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected
@@ -21,3 +21,4 @@
 | tst.js:57:5:57:39 | axios.p ... data2}) |
 | tst.js:59:5:59:52 | axios({ ... sData}) |
 | tst.js:61:5:61:60 | window. ... yData}) |
+| tst.js:63:5:63:68 | got(url ... yData}) |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getADataNode.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getADataNode.expected
@@ -5,3 +5,5 @@
 | tst.js:59:5:59:52 | axios({ ... sData}) | tst.js:59:41:59:50 | paramsData |
 | tst.js:61:5:61:60 | window. ... yData}) | tst.js:61:33:61:42 | headerData |
 | tst.js:61:5:61:60 | window. ... yData}) | tst.js:61:51:61:58 | bodyData |
+| tst.js:63:5:63:68 | got(url ... yData}) | tst.js:63:24:63:33 | headerData |
+| tst.js:63:5:63:68 | got(url ... yData}) | tst.js:63:42:63:49 | bodyData |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getUrl.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getUrl.expected
@@ -25,3 +25,4 @@
 | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:16:57:16 | x |
 | tst.js:59:5:59:52 | axios({ ... sData}) | tst.js:59:11:59:51 | {header ... msData} |
 | tst.js:61:5:61:60 | window. ... yData}) | tst.js:61:18:61:20 | url |
+| tst.js:63:5:63:68 | got(url ... yData}) | tst.js:63:9:63:11 | url |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -59,4 +59,7 @@ import {ClientRequest, net} from 'electron';
     axios({headers: headerData, params: paramsData});
 
     window.fetch(url, {headers: headerData, body: bodyData});
+
+    got(url, {headers: headerData, body: bodyData, quer: queryData});
+
 });

Original file line number	Diff line number	Diff line change
`@@ -193,26 +193,27 @@ private class FetchUrlRequest extends CustomClientRequest {`
`193`	`193`	`*/`
`194`	`194`	`private class GotUrlRequest extends CustomClientRequest {`
`195`	`195`
`196`		`- DataFlow::Node url;`
`197`		`-`
`198`	`196`	`GotUrlRequest() {`
`199`	`197`	`exists (string moduleName, DataFlow::SourceNode callee \|`
`200`	`198`	`this = callee.getACall() \|`
`201`	`199`	`moduleName = "got" and`
`202`	`200`	`(`
`203`	`201`	`callee = DataFlow::moduleImport(moduleName) or`
`204`	`202`	`callee = DataFlow::moduleMember(moduleName, "stream")`
`205`		`- ) and`
`206`		`- url = getArgument(0) and not exists (getOptionArgument(1, "baseUrl"))`
	`203`	`+ )`
`207`	`204`	`)`
`208`	`205`	`}`
`209`	`206`
`210`	`207`	`override DataFlow::Node getUrl() {`
`211`		`- result = url`
	`208`	`+ result = getArgument(0) and`
	`209`	`+ not exists (getOptionArgument(1, "baseUrl"))`
`212`	`210`	`}`
`213`	`211`
`214`	`212`	`override DataFlow::Node getADataNode() {`
`215`		`- none()`
	`213`	`+ exists (string name \|`
	`214`	`+ name = "headers" or name = "body" or name = "query" \|`
	`215`	`+ result = getOptionArgument(1, name)`
	`216`	`+ )`
`216`	`217`	`}`
`217`	`218`
`218`	`219`	`}`