wip

Author: asgerf

javascript/ql/lib/semmle/javascript/AMD.qll

@@ -191,30 +191,12 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
   }
 
   /**
+   * DEPRECATED. Abstract values are no longer used to track module exports.
+   *
    * Gets an abstract value representing one or more values that may flow
    * into this module's `module.exports` property.
    */
-  DefiniteAbstractValue getAModuleExportsValue() {
-    result = [this.getAnImplicitExportsValue(), this.getAnExplicitExportsValue()]
-  }
-
-  pragma[noinline, nomagic]
-  private AbstractValue getAnImplicitExportsValue() {
-    // implicit exports: anything that is returned from the factory function
-    result = this.getModuleExpr().analyze().getAValue()
-  }
-
-  pragma[noinline]
-  private AbstractValue getAnExplicitExportsValue() {
-    // explicit exports: anything assigned to `module.exports`
-    exists(AbstractProperty moduleExports, AmdModule m |
-      this = m.getDefine() and
-      moduleExports.getBase().(AbstractModuleObject).getModule() = m and
-      moduleExports.getPropertyName() = "exports"
-    |
-      result = moduleExports.getAValue()
-    )
-  }
+  deprecated DefiniteAbstractValue getAModuleExportsValue() { none() }
 
   /**
    * Gets a call to `require` inside this module.
@@ -357,21 +339,19 @@ class AmdModule extends Module {
   AmdModuleDefinition getDefine() { amdModuleTopLevel(result, this) }
 
   override DataFlow::Node getAnExportedValue(string name) {
-    exists(DataFlow::PropWrite pwn | result = pwn.getRhs() |
-      pwn.getBase().analyze().getAValue() = this.getDefine().getAModuleExportsValue() and
-      name = pwn.getPropertyName()
-    )
+    none() // TODO: AMD getAnExportedValue
   }
 
   override DataFlow::Node getABulkExportedNode() {
+    // TODO: AMD getABulkExportedNode
     // Assigned to `module.exports` via the factory's `module` parameter
-    exists(AbstractModuleObject m, DataFlow::PropWrite write |
-      m.getModule() = this and
-      write.getPropertyName() = "exports" and
-      write.getBase().analyze().getAValue() = m and
-      result = write.getRhs()
-    )
-    or
+    // exists(AbstractModuleObject m, DataFlow::PropWrite write |
+    //   m.getModule() = this and
+    //   write.getPropertyName() = "exports" and
+    //   write.getBase().analyze().getAValue() = m and
+    //   result = write.getRhs()
+    // )
+    // or
     // Returned from factory function
     result = this.getDefine().getModuleExpr().flow()
   }

javascript/ql/lib/semmle/javascript/NodeJS.qll

@@ -37,24 +37,34 @@ class NodeModule extends Module {
    * into this module's `module.exports` property.
    */
   pragma[noinline]
-  DefiniteAbstractValue getAModuleExportsValue() {
-    result = this.getAModuleExportsProperty().getAValue()
+  deprecated DefiniteAbstractValue getAModuleExportsValue() { none() }
+
+  /**
+   * Gets the `SourceNode` corresponding to the value of `module`.
+   */
+  private DataFlow::SourceNode getModuleSourceNode() {
+    result = DataFlow::ssaDefinitionNode(Ssa::implicitInit(this.getModuleVariable()))
   }
 
-  pragma[noinline]
-  private AbstractProperty getAModuleExportsProperty() {
-    result.getBase().(AbstractModuleObject).getModule() = this and
-    result.getPropertyName() = "exports"
+  /**
+   * Gets a `SourceNode` corresponding to the initial value of `module.exports` or
+   * anything assigned to `module.exports`.
+   */
+  private DataFlow::SourceNode getExportsSourceNode() {
+    result = DataFlow::ssaDefinitionNode(Ssa::implicitInit(this.getExportsVariable()))
+    or
+    result = this.getModuleSourceNode().getAPropertyWrite("exports").getRhs().getALocalSource()
+    or
+    result = this.getModuleSourceNode().getAPropertyRead("exports")
   }
 
   /**
    * Gets an expression that is an alias for `module.exports`.
    * For performance this predicate only computes relevant expressions (in `getAModuleExportsCandidate`).
    * So if using this predicate - consider expanding the list of relevant expressions.
    */
-  DataFlow::AnalyzedNode getAModuleExportsNode() {
-    result = getAModuleExportsCandidate() and
-    result.getAValue() = this.getAModuleExportsValue()
+  deprecated DataFlow::AnalyzedNode getAModuleExportsNode() {
+    result = this.getExportsSourceNode().getALocalUse()
   }
 
   /** Gets a symbol exported by this module. */
@@ -64,21 +74,15 @@ class NodeModule extends Module {
     result = this.getAnImplicitlyExportedSymbol()
     or
     // getters and the like.
-    exists(DataFlow::PropWrite pwn |
-      pwn.getBase() = this.getAModuleExportsNode() and
-      result = pwn.getPropertyName()
-    )
+    result = this.getExportsSourceNode().getAPropertyWrite().getPropertyName()
   }
 
   override DataFlow::Node getAnExportedValue(string name) {
     // a property write whose base is `exports` or `module.exports`
-    exists(DataFlow::PropWrite pwn | result = pwn.getRhs() |
-      pwn.getBase() = this.getAModuleExportsNode() and
-      name = pwn.getPropertyName()
-    )
+    result = this.getExportsSourceNode().getAPropertyWrite(name).getRhs()
     or
     // a re-export using spread-operator. E.g. `const foo = require("./foo"); module.exports = {bar: bar, ...foo};`
-    exists(ObjectExpr obj | obj = this.getAModuleExportsNode().asExpr() |
+    exists(ObjectExpr obj | obj = this.getExportsSourceNode().asExpr() |
       result =
         obj.getAProperty()
             .(SpreadProperty)
@@ -99,16 +103,15 @@ class NodeModule extends Module {
     // }
     exists(DynamicPropertyAccess::EnumeratedPropName read, Import imp, DataFlow::PropWrite write |
       read.getSourceObject().getALocalSource().asExpr() = imp and
+      write = this.getExportsSourceNode().getAPropertyWrite() and
       getASourceProp(read) = write.getRhs() and
-      write.getBase() = this.getAModuleExportsNode() and
       write.getPropertyNameExpr().flow().getImmediatePredecessor*() = read and
       result = imp.getImportedModule().getAnExportedValue(name)
     )
     or
     // an externs definition (where appropriate)
     exists(PropAccess pacc | result = DataFlow::valueNode(pacc) |
-      pacc.getBase() = this.getAModuleExportsNode().asExpr() and
-      name = pacc.getPropertyName() and
+      pacc = this.getExportsSourceNode().getAPropertyRead(name).asExpr() and
       this.isExterns() and
       exists(pacc.getDocumentation())
     )

javascript/ql/lib/semmle/javascript/dataflow/AbstractValues.qll

@@ -390,7 +390,7 @@ class AbstractGlobalObject extends DefiniteAbstractValue, TAbstractGlobalObject
 /**
  * An abstract value representing a CommonJS `module` object.
  */
-class AbstractModuleObject extends DefiniteAbstractValue, TAbstractModuleObject {
+deprecated class AbstractModuleObject extends DefiniteAbstractValue, TAbstractModuleObject {
   /** Gets the module whose `module` object this abstract value represents. */
   Module getModule() { this = TAbstractModuleObject(result) }
 
@@ -414,7 +414,7 @@ class AbstractModuleObject extends DefiniteAbstractValue, TAbstractModuleObject
 /**
  * An abstract value representing a CommonJS `exports` object.
  */
-class AbstractExportsObject extends DefiniteAbstractValue, TAbstractExportsObject {
+deprecated class AbstractExportsObject extends DefiniteAbstractValue, TAbstractExportsObject {
   /** Gets the module whose `exports` object this abstract value represents. */
   Module getModule() { this = TAbstractExportsObject(result) }
 

javascript/ql/lib/semmle/javascript/dataflow/TypeInference.qll

@@ -30,7 +30,6 @@ import AbstractValues
 private import InferredTypes
 private import Refinements
 import internal.BasicExprTypeInference
-import internal.InterModuleTypeInference
 import internal.InterProceduralTypeInference
 import internal.PropertyTypeInference
 import internal.VariableTypeInference

javascript/ql/lib/semmle/javascript/dataflow/internal/AbstractValuesImpl.qll

@@ -43,10 +43,10 @@ newtype TAbstractValue =
   TAbstractArguments(Function f) { exists(f.getArgumentsVariable().getAnAccess()) } or
   /** An abstract representation of the global object. */
   TAbstractGlobalObject() or
-  /** An abstract representation of a `module` object. */
-  TAbstractModuleObject(Module m) or
-  /** An abstract representation of a `exports` object. */
-  TAbstractExportsObject(Module m) or
+  /** DEPRECATED. This abstract value is no longer tracked. */
+  deprecated TAbstractModuleObject(Module m) { none() } or
+  /** DEPRECATED. This abstract value is no longer tracked. */
+  deprecated TAbstractExportsObject(Module m) { none() } or
   /** An abstract representation of all objects arising from an object literal expression. */
   TAbstractObjectLiteral(ObjectExpr oe) or
   /**