JS: Expose argumentPassing as DataFlow::argumentPassingStep

Author: asgerf

javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql

@@ -180,8 +180,8 @@ predicate dynamicPropReadStep(Node base, Node key, SourceNode output) {
     keyParam.flowsTo(innerKey) and
     innerOutput.flowsTo(callee.getAReturnedExpr().flow()) and
     call.getACallee() = callee and
-    argumentPassing(call, base, callee, baseParam) and
-    argumentPassing(call, key, callee, keyParam) and
+    argumentPassingStep(call, base, callee, baseParam) and
+    argumentPassingStep(call, key, callee, keyParam) and
     output = call
   )
 }
@@ -198,12 +198,12 @@ predicate isEnumeratedPropName(Node node) {
   |
     node = pred.getASuccessor()
     or
-    argumentPassing(_, pred, _, node)
+    argumentPassingStep(_, pred, _, node)
     or
     // Handle one level of callbacks
     exists(FunctionNode function, ParameterNode callback, int i |
       pred = callback.getAnInvocation().getArgument(i) and
-      argumentPassing(_, function, _, callback) and
+      argumentPassingStep(_, function, _, callback) and
       node = function.getParameter(i)
     )
   )
@@ -223,7 +223,7 @@ predicate isPotentiallyObjectPrototype(SourceNode node) {
   exists(Node use |
     isPotentiallyObjectPrototype(use.getALocalSource())
   |
-    argumentPassing(_, use, _, node)
+    argumentPassingStep(_, use, _, node)
   )
 }
 

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -20,6 +20,7 @@
 
 import javascript
 private import internal.CallGraphs
+private import internal.FlowSteps as FlowSteps
 
 module DataFlow {
   cached
@@ -1470,6 +1471,8 @@ module DataFlow {
     )
   }
 
+  predicate argumentPassingStep = FlowSteps::argumentPassing/4;
+
   /**
    * Gets the data flow node representing the source of definition `def`, taking
    * flow through IIFE calls into account.