JavaScript: Improve detection of require calls.

Author: Max Schaefer

javascript/ql/src/semmle/javascript/NodeJS.qll

@@ -132,7 +132,13 @@ predicate findNodeModulesFolder(Folder f, Folder nodeModules, int distance) {
  */
 private class RequireVariable extends Variable {
   RequireVariable() {
-    exists (ModuleScope m | this = m.getVariable("require"))
+    this = any(ModuleScope m).getVariable("require")
+    or
+    // cover cases where we failed to detect Node.js code
+    this.(GlobalVariable).getName() = "require"
+    or
+    // track through assignments to other variables
+    this.getAnAssignedExpr().(VarAccess).getVariable() instanceof RequireVariable
   }
 }
 
@@ -149,7 +155,9 @@ private predicate moduleInFile(Module m, File f) {
 class Require extends CallExpr, Import {
   Require() {
     exists (RequireVariable req |
-      this.getCallee() = req.getAnAccess()
+      this.getCallee() = req.getAnAccess() and
+      // `mjs` files explicitly disallow `require`
+      getFile().getExtension() != "mjs"
     )
   }
 

javascript/ql/test/library-tests/NodeJS/Require.expected

@@ -1,14 +1,18 @@
-| a.js:1:9:1:22 | require('./b') | ./b | b.js:1:1:8:0 | <toplevel> |
-| a.js:3:6:3:23 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
-| a.js:4:6:4:29 | require ... /d.js') | ./sub/../d.js | d.js:1:1:7:15 | <toplevel> |
-| a.js:7:1:7:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
-| a.js:10:1:10:18 | require(__dirname) |  | index.js:1:1:3:0 | <toplevel> |
-| a.js:11:1:11:25 | require ... + '/e') | /e | e.js:1:1:7:0 | <toplevel> |
-| a.js:12:1:12:28 | require ...  + 'c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
-| b.js:1:1:1:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
-| d.js:7:1:7:14 | require('foo') | foo | sub/f.js:1:1:4:17 | <toplevel> |
-| index.js:2:1:2:41 | require ... b.js")) | /index.js/../b.js | b.js:1:1:8:0 | <toplevel> |
-| mjs-files/require-from-js.js:1:12:1:36 | require ... on-me') | ./depend-on-me | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |
-| mjs-files/require-from-js.js:2:12:2:39 | require ... me.js') | ./depend-on-me.js | mjs-files/depend-on-me.js:1:1:8:0 | <toplevel> |
-| mjs-files/require-from-js.js:3:12:3:40 | require ... e.mjs') | ./depend-on-me.mjs | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |
-| sub/c.js:1:1:1:15 | require('../a') | ../a | a.js:1:1:14:0 | <toplevel> |
+| a.js:1:9:1:22 | require('./b') |
+| a.js:2:7:2:19 | require('fs') |
+| a.js:3:6:3:23 | require('./sub/c') |
+| a.js:4:6:4:29 | require ... /d.js') |
+| a.js:7:1:7:18 | require('./sub/c') |
+| a.js:10:1:10:18 | require(__dirname) |
+| a.js:11:1:11:25 | require ... + '/e') |
+| a.js:12:1:12:28 | require ...  + 'c') |
+| b.js:1:1:1:18 | require('./sub/c') |
+| d.js:1:1:1:38 | require ... s/ini') |
+| d.js:7:1:7:14 | require('foo') |
+| f.js:2:1:2:7 | r("fs") |
+| index.js:1:12:1:26 | require('path') |
+| index.js:2:1:2:41 | require ... b.js")) |
+| mjs-files/require-from-js.js:1:12:1:36 | require ... on-me') |
+| mjs-files/require-from-js.js:2:12:2:39 | require ... me.js') |
+| mjs-files/require-from-js.js:3:12:3:40 | require ... e.mjs') |
+| sub/c.js:1:1:1:15 | require('../a') |

javascript/ql/test/library-tests/NodeJS/Require.ql

@@ -1,6 +1,4 @@
 import semmle.javascript.NodeJS
 
-from Require r, string fullpath, string prefix
-where fullpath = r.getImportedPath().getValue() and
-      sourceLocationPrefix(prefix)
-select r, fullpath.replaceAll(prefix, ""), r.getImportedModule()
+from Require r
+select r

javascript/ql/test/library-tests/NodeJS/RequireImport.expected

@@ -0,0 +1,14 @@
+| a.js:1:9:1:22 | require('./b') | ./b | b.js:1:1:8:0 | <toplevel> |
+| a.js:3:6:3:23 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
+| a.js:4:6:4:29 | require ... /d.js') | ./sub/../d.js | d.js:1:1:7:15 | <toplevel> |
+| a.js:7:1:7:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
+| a.js:10:1:10:18 | require(__dirname) |  | index.js:1:1:3:0 | <toplevel> |
+| a.js:11:1:11:25 | require ... + '/e') | /e | e.js:1:1:7:0 | <toplevel> |
+| a.js:12:1:12:28 | require ...  + 'c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
+| b.js:1:1:1:18 | require('./sub/c') | ./sub/c | sub/c.js:1:1:4:0 | <toplevel> |
+| d.js:7:1:7:14 | require('foo') | foo | sub/f.js:1:1:4:17 | <toplevel> |
+| index.js:2:1:2:41 | require ... b.js")) | /index.js/../b.js | b.js:1:1:8:0 | <toplevel> |
+| mjs-files/require-from-js.js:1:12:1:36 | require ... on-me') | ./depend-on-me | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |
+| mjs-files/require-from-js.js:2:12:2:39 | require ... me.js') | ./depend-on-me.js | mjs-files/depend-on-me.js:1:1:8:0 | <toplevel> |
+| mjs-files/require-from-js.js:3:12:3:40 | require ... e.mjs') | ./depend-on-me.mjs | mjs-files/depend-on-me.mjs:1:1:7:1 | <toplevel> |
+| sub/c.js:1:1:1:15 | require('../a') | ../a | a.js:1:1:14:0 | <toplevel> |

javascript/ql/test/library-tests/NodeJS/RequireImport.ql

@@ -0,0 +1,6 @@
+import semmle.javascript.NodeJS
+
+from Require r, string fullpath, string prefix
+where fullpath = r.getImportedPath().getValue() and
+      sourceLocationPrefix(prefix)
+select r, fullpath.replaceAll(prefix, ""), r.getImportedModule()

javascript/ql/test/library-tests/NodeJS/f.js

@@ -0,0 +1,2 @@
+var r = require;
+r("fs");