JS: Fixes

Author: asgerf

javascript/ql/lib/semmle/javascript/ApiGraphs.qll

@@ -8,6 +8,7 @@
 import javascript
 private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
+private import semmle.javascript.dataflow.internal.StepSummary as StepSummary
 private import semmle.javascript.dataflow.internal.sharedlib.SummaryTypeTracker as SummaryTypeTracker
 private import internal.CachedStages
 
@@ -1238,8 +1239,6 @@ module API {
       t = useStep(nd, promisified, boundArgs, prop, result)
     }
 
-    private import semmle.javascript.dataflow.internal.StepSummary
-
     /**
      * Holds if `nd`, which is a use of an API-graph node, flows in zero or more potentially
      * inter-procedural steps to some intermediate node, and then from that intermediate node to
@@ -1251,9 +1250,9 @@ module API {
     private DataFlow::TypeTracker useStep(
       DataFlow::Node nd, boolean promisified, int boundArgs, string prop, DataFlow::Node res
     ) {
-      exists(DataFlow::TypeTracker t, StepSummary summary, DataFlow::SourceNode prev |
+      exists(DataFlow::TypeTracker t, StepSummary::StepSummary summary, DataFlow::SourceNode prev |
         prev = trackUseNode(nd, promisified, boundArgs, prop, t) and
-        StepSummary::step(prev, res, summary) and
+        StepSummary::StepSummary::step(prev, res, summary) and
         result = t.append(summary)
       )
     }
@@ -1308,9 +1307,9 @@ module API {
      */
     pragma[noopt]
     private DataFlow::TypeBackTracker defStep(DataFlow::Node nd, DataFlow::SourceNode prev) {
-      exists(DataFlow::TypeBackTracker t, StepSummary summary, DataFlow::Node next |
+      exists(DataFlow::TypeBackTracker t, StepSummary::StepSummary summary, DataFlow::Node next |
         next = trackDefNode(nd, t) and
-        StepSummary::step(prev, next, summary) and
+        StepSummary::StepSummary::step(prev, next, summary) and
         result = t.prepend(summary)
       )
     }
@@ -1385,7 +1384,7 @@ module API {
       or
       exists(string moduleName, string exportName |
         pred = MkModuleImport(moduleName) and
-        lbl = Label::member(exportName) and
+        lbl = Label::qualifiedTypeName(exportName) and
         succ = MkTypeUse(moduleName, exportName)
       )
       or
@@ -1495,7 +1494,11 @@ module API {
     /** Gets the `member` edge label for member `m`. */
     bindingset[m]
     bindingset[result]
-    LabelContent member(string m) { result.getContent().asPropertyName() = m }
+    LabelMember member(string m) { result.getProperty() = m }
+
+    bindingset[m]
+    bindingset[result]
+    LabelQualifiedName qualifiedTypeName(string m) { result.getName() = m }
 
     /** Gets the `content` edge label for content `c`. */
     LabelContent content(Content c) { result.getContent() = c }
@@ -1586,6 +1589,7 @@ module API {
         } or
         MkLabelInstance() or
         MkLabelContent(DataFlow::Content content) or
+        MkLabelMember(StepSummary::PropertyName name) or
         MkLabelParameter(int i) {
           i =
             [0 .. max(int args |
@@ -1594,6 +1598,11 @@ module API {
               )] or
           i = [0 .. 10]
         } or
+        MkLabelQualifiedName(string qname) {
+          any(DataFlow::SourceNode sn).hasUnderlyingType(qname)
+          or
+          any(DataFlow::SourceNode sn).hasUnderlyingType(_, qname)
+        } or
         MkLabelReceiver() or
         MkLabelReturn() or
         MkLabelDecoratedClass() or
@@ -1651,27 +1660,53 @@ module API {
       class LabelContent extends ApiLabel, MkLabelContent {
         private DataFlow::Content content;
 
-        LabelContent() { this = MkLabelContent(content) }
+        LabelContent() {
+          this = MkLabelContent(content) and
+          // Property names are represented by LabelMember to ensure additional property
+          // names from PreCallGraph step are included (which may not be included in Content).
+          not content instanceof MkPropertyContent
+        }
 
         /** Gets the content associated with this label. */
         DataFlow::Content getContent() { result = content }
 
+        private string specialisedToString() {
+          content instanceof MkPromiseValue and result = "getPromised()"
+          or
+          content instanceof MkPromiseError and result = "getPromisedError()"
+          or
+          content instanceof MkArrayElementUnknown and result = "getUnknownMember()"
+        }
+
         override string toString() {
-          result = "getMember(\"" + content.asPropertyName() + "\")"
+          result = this.specialisedToString()
           or
-          not exists(content.asPropertyName()) and
+          not exists(this.specialisedToString()) and
           result = "getContent(" + content + ")"
         }
       }
 
       /** A label for the member named `prop`. */
-      deprecated class LabelMember extends LabelContent {
-        private string prop;
+      class LabelMember extends ApiLabel, MkLabelMember {
+        private StepSummary::PropertyName prop;
 
-        LabelMember() { prop = this.getContent().asPropertyName() }
+        LabelMember() { this = MkLabelMember(prop) }
 
         /** Gets the property associated with this label. */
         string getProperty() { result = prop }
+
+        override string toString() { result = "getMember(\"" + prop + "\")" }
+      }
+
+      /** A label for the member named `prop`. */
+      class LabelQualifiedName extends ApiLabel, MkLabelQualifiedName {
+        private string prop;
+
+        LabelQualifiedName() { this = MkLabelQualifiedName(prop) }
+
+        string getName() { result = prop }
+
+        override string toString() { result = "getMember(\"" + prop + "\")" }
       }
 
       /** A label for a member with an unknown name. */

javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll

@@ -58,6 +58,14 @@ module Private {
       or
       isAccessPathTokenPresent("Member", this)
       or
+      this = any(ImportSpecifier spec).getImportedName()
+      or
+      this = any(ExportSpecifier n).getExportedName()
+      or
+      this = any(ExportNamedDeclaration d).getAnExportedDecl().getName()
+      or
+      this = any(MemberDefinition m).getName()
+      or
       this = ["exports", "default"] // needed by API graphs
     }