refactor RedirectInvocation to a DataFlow::Node

Author: erik-krogh

javascript/ql/lib/semmle/javascript/frameworks/Express.qll

@@ -697,12 +697,12 @@ module Express {
   /**
    * An invocation of the `redirect` method of an HTTP response object.
    */
-  private class RedirectInvocation extends HTTP::RedirectInvocation, MethodCallExpr {
+  private class RedirectInvocation extends HTTP::RedirectInvocation, DataFlow::MethodCallNode {
     ResponseSource response;
 
-    RedirectInvocation() { this = response.ref().getAMethodCall("redirect").asExpr() }
+    RedirectInvocation() { this = response.ref().getAMethodCall("redirect") }
 
-    override Expr getUrlArgument() { result = this.getLastArgument() }
+    override DataFlow::Node getUrlArgument() { result = this.getLastArgument() }
 
     override RouteHandler getRouteHandler() { result = response.getRouteHandler() }
   }

javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll

@@ -351,14 +351,12 @@ module Fastify {
   /**
    * An invocation of the `redirect` method of an HTTP response object.
    */
-  private class RedirectInvocation extends HTTP::RedirectInvocation, MethodCallExpr {
+  private class RedirectInvocation extends HTTP::RedirectInvocation, DataFlow::MethodCallNode {
     RouteHandler rh;
 
-    RedirectInvocation() {
-      this = rh.getAResponseSource().ref().getAMethodCall("redirect").asExpr()
-    }
+    RedirectInvocation() { this = rh.getAResponseSource().ref().getAMethodCall("redirect") }
 
-    override Expr getUrlArgument() { result = this.getLastArgument() }
+    override DataFlow::Node getUrlArgument() { result = this.getLastArgument() }
 
     override RouteHandler getRouteHandler() { result = rh }
   }

javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll

@@ -12,9 +12,9 @@ module HTTP {
   /**
    * A function invocation that causes a redirect response to be sent.
    */
-  abstract class RedirectInvocation extends InvokeExpr {
+  abstract class RedirectInvocation extends DataFlow::CallNode {
     /** Gets the argument specifying the URL to redirect to. */
-    abstract Expr getUrlArgument();
+    abstract DataFlow::Node getUrlArgument();
 
     /** Gets the route handler this redirect occurs in. */
     abstract RouteHandler getRouteHandler();

javascript/ql/lib/semmle/javascript/frameworks/Koa.qll

@@ -422,12 +422,14 @@ module Koa {
   /**
    * An invocation of the `redirect` method of an HTTP response object.
    */
-  private class RedirectInvocation extends HTTP::RedirectInvocation, MethodCallExpr {
+  private class RedirectInvocation extends HTTP::RedirectInvocation, DataFlow::MethodCallNode {
     RouteHandler rh;
 
-    RedirectInvocation() { this.(MethodCallExpr).calls(rh.getAResponseOrContextExpr(), "redirect") }
+    RedirectInvocation() {
+      this.asExpr().(MethodCallExpr).calls(rh.getAResponseOrContextExpr(), "redirect")
+    } // TODO: Improve this.
 
-    override Expr getUrlArgument() { result = this.getArgument(0) }
+    override DataFlow::Node getUrlArgument() { result = this.getArgument(0) }
 
     override RouteHandler getRouteHandler() { result = rh }
   }

javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll

@@ -33,8 +33,8 @@ module ServerSideUrlRedirect {
   /**
    * An HTTP redirect, considered as a sink for `Configuration`.
    */
-  class RedirectSink extends Sink, DataFlow::ValueNode {
-    RedirectSink() { astNode = any(HTTP::RedirectInvocation redir).getUrlArgument() }
+  class RedirectSink extends Sink {
+    RedirectSink() { this = any(HTTP::RedirectInvocation redir).getUrlArgument() }
   }
 
   /**

javascript/ql/test/library-tests/frameworks/koa/RedirectInvocation.qll

@@ -1,7 +1,7 @@
 import javascript
 
 query predicate test_RedirectInvocation(
-  HTTP::RedirectInvocation redirect, Expr url, HTTP::RouteHandler rh
+  HTTP::RedirectInvocation redirect, DataFlow::Node url, HTTP::RouteHandler rh
 ) {
   redirect.getUrlArgument() = url and
   redirect.getRouteHandler() = rh