JS: Factor out some big-steps

asgerf · asgerf · commit 18a1946be8d6 · 2025-10-20T21:25:23.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -1277,30 +1277,25 @@ module API {
       boundArgs = 0 and
       prop = ""
       or
-      exists(Promisify::PromisifyCall promisify |
-        trackUseNode(nd, false, boundArgs, prop, t.continue()).flowsTo(promisify.getArgument(0)) and
-        promisified = true and
-        prop = "" and
-        result = promisify
-      )
+      promisificationBigStep(trackUseNode(nd, false, boundArgs, prop, t.continue()), result) and
+      promisified = true and
+      prop = ""
       or
-      exists(DataFlow::PartialInvokeNode pin, DataFlow::Node pred, int predBoundArgs |
-        trackUseNode(nd, promisified, predBoundArgs, prop, t.continue()).flowsTo(pred) and
-        prop = "" and
-        result = pin.getBoundFunction(pred, boundArgs - predBoundArgs) and
-        boundArgs in [0 .. 10]
+      exists(DataFlow::SourceNode pred, int predBoundArgs |
+        pred = trackUseNode(nd, promisified, predBoundArgs, prop, t.continue()) and
+        partialInvocationBigStep(pred, result, boundArgs - predBoundArgs)
       )
       or
       exists(DataFlow::SourceNode mid |
         mid = trackUseNode(nd, promisified, boundArgs, prop, t) and
         AdditionalUseStep::step(pragma[only_bind_out](mid), result)
       )
       or
-      exists(DataFlow::Node pred, string preprop |
-        trackUseNode(nd, promisified, boundArgs, preprop, t.continue()).flowsTo(pred) and
+      exists(DataFlow::SourceNode pred, string preprop |
+        pred = trackUseNode(nd, promisified, boundArgs, preprop, t.continue()) and
+        loadStoreBigStep(pred, result, prop) and
         promisified = false and
-        boundArgs = 0 and
-        SharedTypeTrackingStep::loadStoreStep(pred, result, prop)
+        boundArgs = 0
       |
         prop = preprop
         or
@@ -1310,6 +1305,28 @@ module API {
       t = useStep(nd, promisified, boundArgs, prop, result)
     }
 
+    pragma[nomagic]
+    private predicate promisificationBigStep(DataFlow::SourceNode node1, DataFlow::SourceNode node2) {
+      exists(Promisify::PromisifyCall promisify |
+        node1 = promisify.getArgument(0).getALocalSource() and
+        node2 = promisify
+      )
+    }
+
+    pragma[nomagic]
+    private predicate partialInvocationBigStep(
+      DataFlow::SourceNode node1, DataFlow::SourceNode node2, int boundArgs
+    ) {
+      node2 = any(DataFlow::PartialInvokeNode pin).getBoundFunction(node1.getALocalUse(), boundArgs)
+    }
+
+    pragma[nomagic]
+    private predicate loadStoreBigStep(
+      DataFlow::SourceNode node1, DataFlow::SourceNode node2, string prop
+    ) {
+      SharedTypeTrackingStep::loadStoreStep(node1.getALocalUse(), node2, prop)
+    }
+
     /**
      * Holds if `nd`, which is a use of an API-graph node, flows in zero or more potentially
      * inter-procedural steps to some intermediate node, and then from that intermediate node to
