JS: More stuff

asgerf · asgerf · commit 03bc3344391c · 2025-09-17T11:06:28.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll
@@ -339,6 +339,12 @@ private module CachedSteps {
       pred = DataFlow::valueNode(node1) and
       succ = getNodeFromNameResolutionNode(node2)
     )
+    or
+    exists(Import imprt, Module mod |
+      imprt.getImportedModule() = mod and
+      pred = DataFlow::valueNode(NameResolution::getModuleBulkExport(mod)) and
+      succ = imprt.getImportedModuleNodeStrict()
+    )
   }
 
   pragma[inline]
diff --git a/javascript/ql/lib/semmle/javascript/internal/NameResolution.qll b/javascript/ql/lib/semmle/javascript/internal/NameResolution.qll
@@ -188,7 +188,7 @@ module NameResolution {
   private predicate commonStep(Node node1, Node node2) {
     commonStep1(node1, node2)
     or
-    node2 = ValueFlow::exportsObjectRhs(node1)
+    node2 = exportsObjectRhs(node1)
   }
 
   /**
@@ -216,7 +216,8 @@ module NameResolution {
     exists(PropAccess access |
       node1 = access.getBase() and
       name = access.getPropertyName() and
-      node2 = access
+      node2 = access and
+      access instanceof RValue
     )
     or
     exists(ObjectPattern pattern |
@@ -268,6 +269,66 @@ module NameResolution {
     )
   }
 
+  pragma[nomagic]
+  private GlobalVarAccess globalAccess(Module mod, string name) {
+    result.getName() = name and
+    result.getTopLevel() = mod and
+    name = ["exports", "module"] // manually restrict size of predicate
+  }
+
+  /** Gets a reference to the CommonJS `module` object within the given module. */
+  private Node moduleObjectRef(Module mod) {
+    result = mod.getScope().getVariable("module").getAnAccess()
+    or
+    result = globalAccess(mod, "module")
+    or
+    commonStep1(moduleObjectRef(mod), result)
+  }
+
+  /** Gets the right-hand side of an assignment to `module.exports` within the given module. */
+  private Node exportsObjectRhs(Module mod) {
+    exists(AssignExpr assign |
+      assign.getLhs().(PropAccess).accesses(moduleObjectRef(mod), "exports") and
+      result = assign.getRhs()
+    )
+  }
+
+  /** Gets a node that is bulk-exported from the given module. */
+  Node getModuleBulkExport(ModuleLike mod) { result = exportsObjectRhs(mod) }
+
+  /** Gets a node that flows to `module.exports` within the given module. */
+  private Node exportsObjectRhsPred(Module mod) { commonStep1*(result, exportsObjectRhs(mod)) }
+
+  /** Gets a node that is an alias for `module.exports` within the given module. */
+  private Node exportsObjectAlias(Module mod) {
+    result = mod.getScope().getVariable("exports").getAnAccess()
+    or
+    result = globalAccess(mod, "exports")
+    or
+    result.(ThisExpr).getBindingContainer() = mod and
+    mod instanceof NodeModule
+    or
+    readStep(moduleObjectRef(mod), "exports", result)
+    or
+    result = exportsObjectRhsPred(mod)
+    or
+    commonStep(exportsObjectAlias(mod), result)
+  }
+
+  /** Holds if `node` is stored into `module.exports.<name>` within the given module. */
+  private predicate storeToExports(Node node, Module mod, string name) {
+    exists(AssignExpr assign |
+      node = assign.getRhs() and
+      assign.getLhs().(PropAccess).accesses(exportsObjectAlias(mod), name)
+    )
+    or
+    exists(Property prop |
+      node = prop.getInit() and
+      name = prop.getName() and
+      prop.getObjectExpr() = exportsObjectAlias(mod)
+    )
+  }
+
   private signature module TypeResolutionInputSig {
     /**
      * Holds if flow is permitted through the given variable.
@@ -399,58 +460,6 @@ module NameResolution {
       value = target.getAnAssignedExpr().(ObjectExpr).getPropertyByName(prop).getInit()
     }
 
-    pragma[nomagic]
-    private GlobalVarAccess globalAccess(Module mod, string name) {
-      result.getName() = name and
-      result.getTopLevel() = mod and
-      name = ["exports", "module"] // manually restrict size of predicate
-    }
-
-    private Node moduleObjectRef(Module mod) {
-      result = mod.getScope().getVariable("module").getAnAccess()
-      or
-      result = globalAccess(mod, "module")
-      or
-      commonStep1(moduleObjectRef(mod), result)
-    }
-
-    Node exportsObjectRhs(Module mod) {
-      exists(AssignExpr assign |
-        assign.getLhs().(PropAccess).accesses(moduleObjectRef(mod), "exports") and
-        result = assign.getRhs()
-      )
-    }
-
-    private Node exportsObjectRhsPred(Module mod) { commonStep1*(result, exportsObjectRhs(mod)) }
-
-    private Node exportsObjectAlias(Module mod) {
-      result = mod.getScope().getVariable("exports").getAnAccess()
-      or
-      result = globalAccess(mod, "exports")
-      or
-      result.(ThisExpr).getBindingContainer() = mod and
-      mod instanceof NodeModule
-      or
-      readStep(moduleObjectRef(mod), "exports", result)
-      or
-      result = exportsObjectRhsPred(mod)
-      or
-      commonStep(exportsObjectAlias(mod), result)
-    }
-
-    private predicate storeToExports(Node node, Module mod, string name) {
-      exists(AssignExpr assign |
-        node = assign.getRhs() and
-        assign.getLhs().(PropAccess).accesses(exportsObjectAlias(mod), name)
-      )
-      or
-      exists(Property prop |
-        node = prop.getInit() and
-        name = prop.getName() and
-        prop.getObjectExpr() = exportsObjectAlias(mod)
-      )
-    }
-
     /** Steps that only apply for this configuration. */
     private predicate specificStep(Node node1, Node node2) {
       exists(LexicalName var | S::isRelevantVariable(var) |
@@ -519,6 +528,8 @@ module NameResolution {
     or
     defaultImportInteropStep(trackModule(mod), result) and
     not mod.(ES2015Module).hasBothNamedAndDefaultExports()
+    or
+    result = exportsObjectAlias(mod)
   }
 
   predicate trackClassValue = ValueFlow::TrackNode<ClassDefinition>::track/1;
diff --git a/javascript/ql/test/library-tests/EndpointNaming/EndpointNaming.expected b/javascript/ql/test/library-tests/EndpointNaming/EndpointNaming.expected
@@ -1,9 +1,4 @@
 testFailures
-| pack8/foo.js:1:1:1:12 |  | Unexpected result: name=(pack8).Foo.Foo |
-| pack8/foo.js:1:14:1:34 | // $ na ... k8).Foo | Missing result: name=(pack8).Foo |
-| pack8/foo.js:4:26:4:28 |  | Unexpected result: alias=(pack8).Foo.default==(pack8).Foo.Foo |
-| pack8/foo.js:4:31:4:73 | // $ al ... k8).Foo | Missing result: alias=(pack8).Foo.default==(pack8).Foo |
-| pack8/foo.js:5:27:5:65 | // $ al ... k8).Foo | Missing result: alias=(pack8).Foo.Foo==(pack8).Foo |
 ambiguousPreferredPredecessor
 | pack2/lib.js:1:1:3:1 | def moduleImport("pack2").getMember("exports").getMember("lib").getMember("LibClass").getInstance() |
 | pack2/lib.js:8:22:8:34 | def moduleImport("pack2").getMember("exports").getMember("lib").getMember("LibClass").getMember("foo") |

Original file line number	Diff line number	Diff line change
`@@ -339,6 +339,12 @@ private module CachedSteps {`
`339`	`339`	`pred = DataFlow::valueNode(node1) and`
`340`	`340`	`succ = getNodeFromNameResolutionNode(node2)`
`341`	`341`	`)`
	`342`	`+ or`
	`343`	`+ exists(Import imprt, Module mod \|`
	`344`	`+ imprt.getImportedModule() = mod and`
	`345`	`+ pred = DataFlow::valueNode(NameResolution::getModuleBulkExport(mod)) and`
	`346`	`+ succ = imprt.getImportedModuleNodeStrict()`
	`347`	`+ )`
`342`	`348`	`}`
`343`	`349`
`344`	`350`	`pragma[inline]`