changes based on review

erik-krogh · erik-krogh · commit 026092559c65 · 2020-01-20T15:53:58.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll b/javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
@@ -23,8 +23,18 @@ module SocketIO {
     result = DataFlow::moduleImport("socket.io").getAMemberCall("listen")
   }
 
+  /**
+   * A common superclass for all socket-like objects on the serverside of SocketIO. 
+   * All of the subclasses can be used to send data to SocketIO clients (see the `SendNode` class). 
+   */
   abstract private class SocketIOObject extends DataFlow::SourceNode, EventEmitter::Range {
+    /**
+     * Gets a node that refers to a SocketIOObject object.
+     */
     abstract DataFlow::SourceNode ref();
+    
+    /** Gets namespace belonging to this object. */
+    abstract NamespaceObject getNamespace();
   }
 
   /** A socket.io server. */
@@ -35,6 +45,9 @@ module SocketIO {
 
     /** Gets the default namespace of this server. */
     NamespaceObject getDefaultNamespace() { result = MkNamespace(this, "/") }
+    
+    /** Gets the default namespace of this server. */
+    override NamespaceObject getNamespace() { result = getDefaultNamespace() }
 
     /** Gets the namespace with the given path of this server. */
     NamespaceObject getNamespace(string path) { result = MkNamespace(this, path) }
@@ -126,7 +139,7 @@ module SocketIO {
     }
 
     /** Gets the namespace to which this object refers. */
-    NamespaceObject getNamespace() { result = ns }
+    override NamespaceObject getNamespace() { result = ns }
 
     /**
      * Gets a data flow node that may refer to the socket.io namespace created at `ns`.
@@ -185,7 +198,7 @@ module SocketIO {
     }
 
     /** Gets the namespace to which this socket belongs. */
-    NamespaceObject getNamespace() { result = ns }
+    override NamespaceObject getNamespace() { result = ns }
 
     private DataFlow::SourceNode socket(DataFlow::TypeTracker t) {
       result = this and t.start()
@@ -314,18 +327,14 @@ module SocketIO {
 
     /**
      * Gets the socket through which data is sent to the client.
-     *
-     * This predicate is not defined for broadcasting sends.
      */
     SocketObject getSocket() { result = emitter }
 
     /**
      * Gets the namespace to which data is sent.
      */
     NamespaceObject getNamespace() {
-      result = emitter.(ServerObject).getDefaultNamespace() or
-      result = emitter.(NamespaceBase).getNamespace() or
-      result = emitter.(SocketObject).getNamespace()
+      result = emitter.getNamespace()
     }
 
     /** Gets the event name associated with the data, if it can be determined. */
@@ -357,7 +366,10 @@ module SocketIO {
       srv.ref().getAMethodCall("of").getArgument(0).mayHaveStringValue(path)
     }
 
-  /** An acknowledgment callback from sending message. */
+  /**
+   * An acknowledgment callback registered when sending a message to a client.
+   * Responses from clients are received using this callback. 
+   */
   class SendCallback extends EventRegistration::Range, DataFlow::FunctionNode {
     SendNode send;
 
@@ -373,7 +385,7 @@ module SocketIO {
     override DataFlow::Node getReceivedItem(int i) { result = this.getParameter(i) }
 
     /**
-     * Get the send node where this callback was registered.
+     * Gets the send node where this callback was registered.
      */
     SendNode getSendNode() { result = send }
   }
@@ -552,7 +564,7 @@ module SocketIOClient {
     override SocketIO::SendCallback getAReceiver() { result.getSendNode().getAReceiver() = rcv }
 
     /**
-     * Get the receive node where this callback was registered.
+     * Gets the receive node where this callback was registered.
      */
     ReceiveNode getReceiveNode() { result = rcv }
   }
@@ -607,7 +619,10 @@ module SocketIOClient {
     }
   }
 
-  /** An acknowledgment callback from sending message. */
+  /** 
+   * An acknowledgment callback registered when sending a message to a server.
+   * Responses from servers are received using this callback.
+   */
   class SendCallback extends EventRegistration::Range, DataFlow::FunctionNode {
     SendNode send;
 
@@ -621,7 +636,7 @@ module SocketIOClient {
     override DataFlow::Node getReceivedItem(int i) { result = this.getParameter(i) }
 
     /**
-     * Get the SendNode where this callback was registered.
+     * Gets the SendNode where this callback was registered.
      */
     SendNode getSendNode() { result = send }
   }
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected b/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected
@@ -26,10 +26,10 @@ test_NamespaceNode
 | tst.js:45:1:45:7 | ns.json | socket.io namespace with path '/' |
 | tst.js:46:1:46:11 | ns.volatile | socket.io namespace with path '/' |
 | tst.js:47:1:47:8 | ns.local | socket.io namespace with path '/' |
-| tst.js:50:1:66:2 | io.on(' ... cal;\\n}) | socket.io namespace with path '/' |
-| tst.js:67:1:67:35 | io.on(' ...  => {}) | socket.io namespace with path '/' |
-| tst.js:68:1:68:32 | ns.on(' ...  => {}) | socket.io namespace with path '/' |
-| tst.js:69:1:73:2 | ns.on(' ... {});\\n}) | socket.io namespace with path '/' |
+| tst.js:50:1:67:2 | io.on(' ... t');\\n}) | socket.io namespace with path '/' |
+| tst.js:68:1:68:35 | io.on(' ...  => {}) | socket.io namespace with path '/' |
+| tst.js:69:1:69:32 | ns.on(' ...  => {}) | socket.io namespace with path '/' |
+| tst.js:70:1:74:2 | ns.on(' ... {});\\n}) | socket.io namespace with path '/' |
 test_ClientReceiveNode_getASender
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:30:1:30:28 | ns.emit ... event') |
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:31:1:31:20 | ns.send('a message') |
@@ -39,6 +39,7 @@ test_ClientReceiveNode_getASender
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:51:3:51:22 | socket.emit('event') |
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:54:3:54:43 | socket. ...  => {}) |
 | client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:66:3:66:36 | socket. ... dcast') |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:30:1:30:28 | ns.emit ... event') |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:31:1:31:20 | ns.send('a message') |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:39:1:39:31 | io.emit ... ssage') |
@@ -47,6 +48,7 @@ test_ClientReceiveNode_getASender
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:51:3:51:22 | socket.emit('event') |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:54:3:54:43 | socket. ...  => {}) |
 | client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:66:3:66:36 | socket. ... dcast') |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:30:1:30:28 | ns.emit ... event') |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:31:1:31:20 | ns.send('a message') |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:39:1:39:31 | io.emit ... ssage') |
@@ -55,11 +57,12 @@ test_ClientReceiveNode_getASender
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:51:3:51:22 | socket.emit('event') |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:54:3:54:43 | socket. ...  => {}) |
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:66:3:66:36 | socket. ... dcast') |
 | client2.js:18:1:18:41 | sock2.o ... dler')) | tst.js:32:1:32:22 | ns2.wri ... ssage') |
 test_ReceiveNode
-| tst.js:70:3:70:35 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
-| tst.js:72:3:72:43 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
+| tst.js:71:3:71:35 | socket. ...  => {}) | tst.js:70:22:70:27 | socket |
+| tst.js:72:3:72:46 | socket. ...  => {}) | tst.js:70:22:70:27 | socket |
+| tst.js:73:3:73:43 | socket. ...  => {}) | tst.js:70:22:70:27 | socket |
 test_SendNode_getSentItem
 | tst.js:30:1:30:28 | ns.emit ... event') | 0 | tst.js:30:18:30:27 | 'an event' |
 | tst.js:31:1:31:20 | ns.send('a message') | 0 | tst.js:31:9:31:19 | 'a message' |
@@ -71,8 +74,8 @@ test_SendNode_getSentItem
 | tst.js:54:3:54:43 | socket. ...  => {}) | 1 | tst.js:54:20:54:28 | 'message' |
 | tst.js:55:3:55:27 | socket. ... ssage') | 0 | tst.js:55:16:55:26 | 'a message' |
 test_AdditionalFlowStep
-| client2.js:16:12:16:25 | "do you copy?" | tst.js:70:25:70:27 | msg |
-| client2.js:16:12:16:25 | "do you copy?" | tst.js:71:27:71:31 | data1 |
+| client2.js:16:12:16:25 | "do you copy?" | tst.js:71:25:71:27 | msg |
+| client2.js:16:12:16:25 | "do you copy?" | tst.js:72:27:72:31 | data1 |
 | client3.js:1:8:1:9 | io | client3.js:1:8:1:9 | io |
 | client4.js:1:8:1:9 | io | client4.js:1:8:1:9 | io |
 | tst.js:30:18:30:27 | 'an event' | client2.js:8:23:8:25 | msg |
@@ -110,12 +113,14 @@ test_SocketNode
 | tst.js:63:3:63:17 | socket.volatile | socket.io namespace with path '/' |
 | tst.js:64:3:64:18 | socket.broadcast | socket.io namespace with path '/' |
 | tst.js:65:3:65:14 | socket.local | socket.io namespace with path '/' |
-| tst.js:67:22:67:27 | socket | socket.io namespace with path '/' |
-| tst.js:68:19:68:24 | socket | socket.io namespace with path '/' |
-| tst.js:69:22:69:27 | socket | socket.io namespace with path '/' |
-| tst.js:70:3:70:35 | socket. ...  => {}) | socket.io namespace with path '/' |
-| tst.js:71:3:71:46 | socket. ...  => {}) | socket.io namespace with path '/' |
-| tst.js:72:3:72:43 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:66:3:66:18 | socket.broadcast | socket.io namespace with path '/' |
+| tst.js:66:3:66:36 | socket. ... dcast') | socket.io namespace with path '/' |
+| tst.js:68:22:68:27 | socket | socket.io namespace with path '/' |
+| tst.js:69:19:69:24 | socket | socket.io namespace with path '/' |
+| tst.js:70:22:70:27 | socket | socket.io namespace with path '/' |
+| tst.js:71:3:71:35 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:72:3:72:46 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:73:3:73:43 | socket. ...  => {}) | socket.io namespace with path '/' |
 test_ClientSendNode_getEventName
 | client2.js:14:1:14:32 | sock.em ... there") | data |
 | client2.js:16:1:16:36 | sock.wr ...  => {}) | message |
@@ -124,8 +129,8 @@ test_ClientSendNode_getSentItem
 | client2.js:14:1:14:32 | sock.em ... there") | 1 | client2.js:14:25:14:31 | "there" |
 | client2.js:16:1:16:36 | sock.wr ...  => {}) | 0 | client2.js:16:12:16:25 | "do you copy?" |
 test_ReceiveNode_getEventName
-| tst.js:70:3:70:35 | socket. ...  => {}) | message |
-| tst.js:71:3:71:46 | socket. ...  => {}) | message |
+| tst.js:71:3:71:35 | socket. ...  => {}) | message |
+| tst.js:72:3:72:46 | socket. ...  => {}) | message |
 test_ClientSocketNode
 | client1.js:1:1:1:4 | io() | / |
 | client1.js:2:1:2:23 | io.conn ... sages") | /messages |
@@ -135,20 +140,21 @@ test_ClientSocketNode
 | client4.js:3:1:3:4 | io() | / |
 | client4.js:4:1:4:23 | io.conn ... sages") | /messages |
 test_ReceiveNode_getASender
-| tst.js:70:3:70:35 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
-| tst.js:70:3:70:35 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
-| tst.js:71:3:71:46 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
-| tst.js:71:3:71:46 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
-| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
-| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:71:3:71:35 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
+| tst.js:71:3:71:35 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:72:3:72:46 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
+| tst.js:72:3:72:46 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:73:3:73:43 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
+| tst.js:73:3:73:43 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
 test_ReceiveNode_getReceivedItem
-| tst.js:70:3:70:35 | socket. ...  => {}) | 0 | tst.js:70:25:70:27 | msg |
-| tst.js:71:3:71:46 | socket. ...  => {}) | 0 | tst.js:71:27:71:31 | data1 |
-| tst.js:71:3:71:46 | socket. ...  => {}) | 1 | tst.js:71:34:71:38 | data2 |
+| tst.js:71:3:71:35 | socket. ...  => {}) | 0 | tst.js:71:25:71:27 | msg |
+| tst.js:72:3:72:46 | socket. ...  => {}) | 0 | tst.js:72:27:72:31 | data1 |
+| tst.js:72:3:72:46 | socket. ...  => {}) | 1 | tst.js:72:34:72:38 | data2 |
 test_SendNode_getSocket
 | tst.js:51:3:51:22 | socket.emit('event') | tst.js:50:19:50:24 | socket |
 | tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:50:19:50:24 | socket |
 | tst.js:55:3:55:27 | socket. ... ssage') | tst.js:50:19:50:24 | socket |
+| tst.js:66:3:66:36 | socket. ... dcast') | tst.js:50:19:50:24 | socket |
 test_ServerNode
 | tst.js:1:12:1:33 | require ... .io')() | tst.js:1:12:1:33 | require ... .io')() |
 | tst.js:4:13:4:24 | new Server() | tst.js:4:13:4:24 | new Server() |
@@ -162,16 +168,16 @@ test_ServerNode
 | tst.js:15:1:15:15 | io.attach(http) | tst.js:1:12:1:33 | require ... .io')() |
 | tst.js:16:1:16:15 | io.bind(engine) | tst.js:1:12:1:33 | require ... .io')() |
 | tst.js:17:1:17:23 | io.onco ... socket) | tst.js:1:12:1:33 | require ... .io')() |
-| tst.js:50:1:66:2 | io.on(' ... cal;\\n}) | tst.js:1:12:1:33 | require ... .io')() |
-| tst.js:67:1:67:35 | io.on(' ...  => {}) | tst.js:1:12:1:33 | require ... .io')() |
-| tst.js:79:1:79:10 | obj.server | tst.js:1:12:1:33 | require ... .io')() |
+| tst.js:50:1:67:2 | io.on(' ... t');\\n}) | tst.js:1:12:1:33 | require ... .io')() |
+| tst.js:68:1:68:35 | io.on(' ...  => {}) | tst.js:1:12:1:33 | require ... .io')() |
+| tst.js:80:1:80:10 | obj.server | tst.js:1:12:1:33 | require ... .io')() |
 test_ClientSendNode_getAReceiver
-| client2.js:14:1:14:32 | sock.em ... there") | tst.js:70:3:70:35 | socket. ...  => {}) |
-| client2.js:14:1:14:32 | sock.em ... there") | tst.js:71:3:71:46 | socket. ...  => {}) |
-| client2.js:14:1:14:32 | sock.em ... there") | tst.js:72:3:72:43 | socket. ...  => {}) |
-| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:70:3:70:35 | socket. ...  => {}) |
-| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:71:3:71:46 | socket. ...  => {}) |
-| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:72:3:72:43 | socket. ...  => {}) |
+| client2.js:14:1:14:32 | sock.em ... there") | tst.js:71:3:71:35 | socket. ...  => {}) |
+| client2.js:14:1:14:32 | sock.em ... there") | tst.js:72:3:72:46 | socket. ...  => {}) |
+| client2.js:14:1:14:32 | sock.em ... there") | tst.js:73:3:73:43 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:71:3:71:35 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:72:3:72:46 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:73:3:73:43 | socket. ...  => {}) |
 test_ClientReceiveNode_getAck
 | client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:10:22:10:23 | cb |
 test_ClientReceiveNode_getReceivedItem
@@ -205,6 +211,7 @@ test_SendNode
 | tst.js:51:3:51:22 | socket.emit('event') | socket.io namespace with path '/' |
 | tst.js:54:3:54:43 | socket. ...  => {}) | socket.io namespace with path '/' |
 | tst.js:55:3:55:27 | socket. ... ssage') | socket.io namespace with path '/' |
+| tst.js:66:3:66:36 | socket. ... dcast') | socket.io namespace with path '/' |
 test_SendNode_getAReceiver
 | tst.js:30:1:30:28 | ns.emit ... event') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
 | tst.js:30:1:30:28 | ns.emit ... event') | client2.js:8:1:8:33 | sock.on ...  => {}) |
@@ -231,6 +238,9 @@ test_SendNode_getAReceiver
 | tst.js:55:3:55:27 | socket. ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
 | tst.js:55:3:55:27 | socket. ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
 | tst.js:55:3:55:27 | socket. ... ssage') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
+| tst.js:66:3:66:36 | socket. ... dcast') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:66:3:66:36 | socket. ... dcast') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:66:3:66:36 | socket. ... dcast') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
 test_ServerObject
 | tst.js:1:12:1:33 | require ... .io')() | tst.js:1:12:1:33 | require ... .io')() | socket.io namespace with path '/' |
 | tst.js:4:13:4:24 | new Server() | tst.js:4:13:4:24 | new Server() | socket.io namespace with path '/' |
diff --git a/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js b/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js
@@ -63,6 +63,7 @@ io.on('connect', (socket) => {
   socket.volatile;
   socket.broadcast;
   socket.local;
+  socket.broadcast.emit('broadcast');
 });
 io.on('connection', (socket) => {});
 ns.on('connect', (socket) => {});
