JS: Restore dirname functionality in a simpler way

Author: asgerf

javascript/ql/lib/semmle/javascript/internal/paths/PathConcatenation.qll

@@ -0,0 +1,31 @@
+private import javascript
+
+/**
+ * A path expression that can be constant-folded by concatenating other paths.
+ */
+abstract class PathConcatenation extends Expr {
+  /** Gets the separator to insert between paths */
+  string getSeparator() { result = "" }
+
+  /** Gets the `n`th operand to concatenate. */
+  abstract Expr getOperand(int n);
+}
+
+private class AddExprConcatenation extends PathConcatenation, AddExpr {
+  override Expr getOperand(int n) {
+    n = 0 and result = this.getLeftOperand()
+    or
+    n = 1 and result = this.getRightOperand()
+  }
+}
+
+private class JoinCallConcatenation extends PathConcatenation, CallExpr {
+  JoinCallConcatenation() {
+    this.getReceiver().(VarAccess).getName() = "path" and
+    this.getCalleeName() = "join"
+  }
+
+  override Expr getOperand(int n) { result = this.getArgument(n) }
+
+  override string getSeparator() { result = "/" }
+}

javascript/ql/lib/semmle/javascript/internal/paths/PathExprResolver.qll

@@ -2,6 +2,8 @@ private import javascript
 private import semmle.javascript.TSConfig
 private import semmle.javascript.internal.paths.PackageJsonEx
 private import semmle.javascript.internal.paths.JSPaths
+private import semmle.javascript.internal.paths.PathConcatenation
+private import semmle.javascript.dataflow.internal.DataFlowNode
 
 File getFileFromFolderImport(Folder folder) {
   result = folder.getJavaScriptFileOrTypings("index")
@@ -14,15 +16,68 @@ File getFileFromFolderImport(Folder folder) {
   )
 }
 
+private Variable dirname() { result.getName() = "__dirname" }
+
+private Variable filename() { result.getName() = "__filename" }
+
 private signature predicate exprSig(Expr e);
 
 module ResolveExpr<exprSig/1 shouldResolveExpr> {
+  /** Holds if we need the constant-value of `node`. */
+  private predicate needsConstantFolding(EarlyStageNode node) {
+    exists(Expr e |
+      shouldResolveExpr(e) and
+      node = TValueNode(e)
+    )
+    or
+    exists(EarlyStageNode needsFolding | needsConstantFolding(needsFolding) |
+      DataFlow::Impl::earlyStageImmediateFlowStep(node, needsFolding)
+      or
+      exists(PathConcatenation joiner |
+        needsFolding = TValueNode(joiner) and
+        node = TValueNode(joiner.getOperand(_))
+      )
+    )
+  }
+
+  /** Gets the constant-value of `node` */
+  language[monotonicAggregates]
+  private string getValue(EarlyStageNode node) {
+    needsConstantFolding(node) and
+    (
+      exists(Expr e | node = TValueNode(e) |
+        result = e.getStringValue()
+        or
+        e = dirname().getAnAccess() and
+        result = "./" // Ensure the path gets interpreted relative to the current directory
+        or
+        e = filename().getAnAccess() and
+        result = "./" + e.getFile().getBaseName()
+      )
+      or
+      exists(EarlyStageNode pred |
+        DataFlow::Impl::earlyStageImmediateFlowStep(pred, node) and
+        result = getValue(pred)
+      )
+      or
+      exists(PathConcatenation join |
+        node = TValueNode(join) and
+        result =
+          strictconcat(int n, EarlyStageNode child, string sep |
+            child = TValueNode(join.getOperand(n)) and sep = join.getSeparator()
+          |
+            getValue(child), sep order by n
+          )
+      )
+    )
+  }
+
   final private class FinalExpr = Expr;
 
   private class RelevantExpr extends FinalExpr {
     RelevantExpr() { shouldResolveExpr(this) }
 
-    string getValue() { result = this.getStringValue() }
+    string getValue() { result = getValue(TValueNode(this)) }
   }
 
   /**
@@ -66,17 +121,6 @@ module ResolveExpr<exprSig/1 shouldResolveExpr> {
     result = expr.getValue().regexpFind("^(@[^/\\\\]+[/\\\\])?[^@./\\\\][^/\\\\]*", _, _)
   }
 
-  private Variable dirname() { result.getName() = "__dirname" }
-
-  /** Holds if `add` is a relevant path expression of form `__dirname + expr`. */
-  private predicate prefixedByDirname(Expr expr) {
-    expr = dirname().getAnAccess()
-    or
-    prefixedByDirname(expr.(AddExpr).getLeftOperand())
-    or
-    prefixedByDirname(expr.(CallExpr).getArgument(0))
-  }
-
   /**
    * Holds if `expr` matches a path mapping, and should thus be resolved as `newPath` relative to `base`.
    */
@@ -139,12 +183,6 @@ module ResolveExpr<exprSig/1 shouldResolveExpr> {
     // Relative paths are resolved from their enclosing folder
     relativePathExpr(expr, base, path)
     or
-    // Paths prefixed by __dirname should be resolved from the root dir, because __dirname
-    // currently has a getValue() that returns its absolute path.
-    prefixedByDirname(expr) and
-    not exists(base.getParentContainer()) and // get root dir
-    path = expr.getValue()
-    or
     resolveViaPathMapping(expr, base, path)
     or
     // Resolve from baseUrl of relevant tsconfig.json file

javascript/ql/test/library-tests/PathResolution/DirnameImports/main.js

@@ -2,20 +2,20 @@
 const path = require('path');
 
 // Using __dirname directly
-const direct = require(__dirname + '/target.js'); // $ MISSING: importTarget=DirnameImports/target.js
+const direct = require(__dirname + '/target.js'); // $ importTarget=DirnameImports/target.js
 
 // Using __dirname with path.join
-const withPathJoin = require(path.join(__dirname, 'target.js')); // $ MISSING: importTarget=DirnameImports/target.js
+const withPathJoin = require(path.join(__dirname, 'target.js')); // $ importTarget=DirnameImports/target.js
 
 // Using __dirname with nested path
-const nested = require(__dirname + '/nested/target.js'); // $ MISSING: importTarget=DirnameImports/nested/target.js
+const nested = require(__dirname + '/nested/target.js'); // $ importTarget=DirnameImports/nested/target.js
 
 // Using __dirname with parent directory
-const parent = require(__dirname + '/../import-packages.ts'); // $ MISSING: importTarget=import-packages.ts
+const parent = require(__dirname + '/../import-packages.ts'); // $ importTarget=import-packages.ts
 
 // Using __dirname with path concat and variable
 const subdir = 'nested';
-const dynamic = require(__dirname + '/' + subdir + '/target.js'); // $ MISSING: importTarget=DirnameImports/nested/target.js
+const dynamic = require(__dirname + '/' + subdir + '/target.js'); // $ importTarget=DirnameImports/nested/target.js
 
 // Using __dirname in an AddExpr chain
-const chainedAdd = require(__dirname + '/' + 'target.js'); // $ MISSING: importTarget=DirnameImports/target.js
+const chainedAdd = require(__dirname + '/' + 'target.js'); // $ importTarget=DirnameImports/target.js

javascript/ql/test/library-tests/PathResolution/test.expected

@@ -40,6 +40,12 @@
 | DeclarationFiles/src/main.ts:5:1:5:27 | import  ... cript"; | DeclarationFiles/lib/typescript.ts |
 | DeclarationFiles/src/main.ts:6:1:6:30 | import  ... pt.js"; | DeclarationFiles/lib/typescript.ts |
 | DeclarationFiles/src/main.ts:7:1:7:32 | import  ... .d.ts"; | DeclarationFiles/lib/typescript.d.ts |
+| DirnameImports/main.js:5:16:5:48 | require ... et.js') | DirnameImports/target.js |
+| DirnameImports/main.js:8:22:8:63 | require ... t.js')) | DirnameImports/target.js |
+| DirnameImports/main.js:11:16:11:55 | require ... et.js') | DirnameImports/nested/target.js |
+| DirnameImports/main.js:14:16:14:60 | require ... es.ts') | import-packages.ts |
+| DirnameImports/main.js:18:17:18:64 | require ... et.js') | DirnameImports/nested/target.js |
+| DirnameImports/main.js:21:20:21:57 | require ... et.js') | DirnameImports/target.js |
 | Extended/src/main.ts:2:1:2:21 | import  ... /file"; | Extended/lib/file.ts |
 | Extended/src/main.ts:3:1:3:24 | import  ... le.ts"; | Extended/lib/file.ts |
 | Extended/src/main.ts:4:1:4:24 | import  ... le.js"; | Extended/lib/file.ts |