JS: Enhance isDomProperty to check for getAPropertyRead on DOM nodes

Napalys · Napalys · commit ab07420f43fd · 2025-05-26T11:43:37.000+02:00
diff --git a/javascript/ql/lib/Expressions/DOMProperties.qll b/javascript/ql/lib/Expressions/DOMProperties.qll
@@ -10,4 +10,8 @@ predicate isDomProperty(string p) {
   exists(ExternalMemberDecl emd | emd.getName() = p |
     isDomRootType(emd.getDeclaringType().getASupertype*())
   )
+  or
+  exists(DataFlow::SourceNode domNode | isDomNode(domNode) |
+    p = domNode.getAPropertyRead().getPropertyName()
+  )
 }
diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected
@@ -1,5 +1,3 @@
-| dom.js:5:3:5:18 | box.offsetHeight | This expression has no effect. |
-| dom.js:11:5:11:40 | documen ... ntWidth | This expression has no effect. |
 | try.js:22:9:22:26 | x.ordinaryProperty | This expression has no effect. |
 | tst2.js:2:4:2:4 | 0 | This expression has no effect. |
 | tst.js:3:1:3:2 | 23 | This expression has no effect. |
diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/dom.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/dom.js
@@ -2,12 +2,12 @@ function f() {
   const box = document.getElementById('box');
   box.classList.remove('animate');
   // Force a reflow by reading layout property (side effect!)
-  box.offsetHeight; // $SPURIOUS:Alert
+  box.offsetHeight;
 
   try {
     console.log("Hello, world!");
   } catch (e) {
     // Reading this property also forces layout
-    document.documentElement.clientWidth; // $SPURIOUS:Alert
+    document.documentElement.clientWidth;
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,8 @@ predicate isDomProperty(string p) {`
`10`	`10`	`exists(ExternalMemberDecl emd \| emd.getName() = p \|`
`11`	`11`	`isDomRootType(emd.getDeclaringType().getASupertype*())`
`12`	`12`	`)`
	`13`	`+ or`
	`14`	`+ exists(DataFlow::SourceNode domNode \| isDomNode(domNode) \|`
	`15`	`+ p = domNode.getAPropertyRead().getPropertyName()`
	`16`	`+ )`
`13`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-\| dom.js:5:3:5:18 \| box.offsetHeight \| This expression has no effect. \|`
`2`		`-\| dom.js:11:5:11:40 \| documen ... ntWidth \| This expression has no effect. \|`
`3`	`1`	`\| try.js:22:9:22:26 \| x.ordinaryProperty \| This expression has no effect. \|`
`4`	`2`	`\| tst2.js:2:4:2:4 \| 0 \| This expression has no effect. \|`
`5`	`3`	`\| tst.js:3:1:3:2 \| 23 \| This expression has no effect. \|`
Original file line number	Diff line number	Diff line change
`@@ -2,12 +2,12 @@ function f() {`
`2`	`2`	`const box = document.getElementById('box');`
`3`	`3`	`box.classList.remove('animate');`
`4`	`4`	`// Force a reflow by reading layout property (side effect!)`
`5`		`- box.offsetHeight; // $SPURIOUS:Alert`
	`5`	`+ box.offsetHeight;`
`6`	`6`
`7`	`7`	`try {`
`8`	`8`	`console.log("Hello, world!");`
`9`	`9`	`} catch (e) {`
`10`	`10`	`// Reading this property also forces layout`
`11`		`- document.documentElement.clientWidth; // $SPURIOUS:Alert`
	`11`	`+ document.documentElement.clientWidth;`
`12`	`12`	`}`
`13`	`13`	`}`