Skip to content

Commit ec2ba73

Browse files
author
Max Schaefer
committed
JavaScript: Update Dependencies library to not rely on Files being Locatable.
Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.
1 parent 7487c79 commit ec2ba73

File tree

3 files changed

+91
-32
lines changed

3 files changed

+91
-32
lines changed

javascript/ql/src/semmle/javascript/dependencies/Dependencies.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,8 @@ abstract class ScriptDependency extends Dependency {
194194
abstract Expr getAnApiUse();
195195

196196
override Locatable getAUse(string kind) {
197-
kind = "import" and result.(HTML::HtmlFile) = this.getFile()
197+
kind = "import" and
198+
result = this.getFile().(HTML::HtmlFile).getATopLevel()
198199
or
199200
kind = "use" and result = getAnApiUse()
200201
}

javascript/ql/test/library-tests/dependencies/DependencyUses.expected

Lines changed: 87 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -1,50 +1,108 @@
1-
| angular-ui-bootstrap-2.1.2 | import | src/tst.html:0:0:0:0 | src/tst.html |
2-
| angularjs-1.5.8 | import | src/tst.html:0:0:0:0 | src/tst.html |
3-
| angularjs-2.0.0-beta.17 | import | src/tst.html:0:0:0:0 | src/tst.html |
4-
| bootstrap-3.3.7 | import | src/tst.html:0:0:0:0 | src/tst.html |
1+
| angular-ui-bootstrap-2.1.2 | import | src/tst.html:2:11:5:2 | <toplevel> |
2+
| angular-ui-bootstrap-2.1.2 | import | src/tst.html:6:11:8:2 | <toplevel> |
3+
| angular-ui-bootstrap-2.1.2 | import | src/tst.html:50:11:53:2 | <toplevel> |
4+
| angularjs-1.5.8 | import | src/tst.html:2:11:5:2 | <toplevel> |
5+
| angularjs-1.5.8 | import | src/tst.html:6:11:8:2 | <toplevel> |
6+
| angularjs-1.5.8 | import | src/tst.html:50:11:53:2 | <toplevel> |
7+
| angularjs-2.0.0-beta.17 | import | src/tst.html:2:11:5:2 | <toplevel> |
8+
| angularjs-2.0.0-beta.17 | import | src/tst.html:6:11:8:2 | <toplevel> |
9+
| angularjs-2.0.0-beta.17 | import | src/tst.html:50:11:53:2 | <toplevel> |
10+
| bootstrap-3.3.7 | import | src/tst.html:2:11:5:2 | <toplevel> |
11+
| bootstrap-3.3.7 | import | src/tst.html:6:11:8:2 | <toplevel> |
12+
| bootstrap-3.3.7 | import | src/tst.html:50:11:53:2 | <toplevel> |
513
| bootstrap-3.3.7 | use | src/tst.html:52:5:52:5 | $ |
614
| bundled-package-23.42.0 | import | src/tst.js:1:1:1:26 | require ... ckage") |
715
| closure-unknown | import | src/closure-test.js:1:1:3:20 | <toplevel> |
8-
| dojo-1.11.2 | import | src/tst.html:0:0:0:0 | src/tst.html |
16+
| dojo-1.11.2 | import | src/tst.html:2:11:5:2 | <toplevel> |
17+
| dojo-1.11.2 | import | src/tst.html:6:11:8:2 | <toplevel> |
18+
| dojo-1.11.2 | import | src/tst.html:50:11:53:2 | <toplevel> |
919
| esprima-0.9.0 | import | src/tst.js:2:1:2:18 | require("esprima") |
10-
| extjs-6.0.1 | import | src/tst.html:0:0:0:0 | src/tst.html |
11-
| footools-1.2.3 | import | src/tst.html:0:0:0:0 | src/tst.html |
12-
| jquery-1.12.4 | import | src/tst.html:0:0:0:0 | src/tst.html |
20+
| extjs-6.0.1 | import | src/tst.html:2:11:5:2 | <toplevel> |
21+
| extjs-6.0.1 | import | src/tst.html:6:11:8:2 | <toplevel> |
22+
| extjs-6.0.1 | import | src/tst.html:50:11:53:2 | <toplevel> |
23+
| footools-1.2.3 | import | src/tst.html:2:11:5:2 | <toplevel> |
24+
| footools-1.2.3 | import | src/tst.html:6:11:8:2 | <toplevel> |
25+
| footools-1.2.3 | import | src/tst.html:50:11:53:2 | <toplevel> |
26+
| jquery-1.12.4 | import | src/tst.html:2:11:5:2 | <toplevel> |
27+
| jquery-1.12.4 | import | src/tst.html:6:11:8:2 | <toplevel> |
28+
| jquery-1.12.4 | import | src/tst.html:50:11:53:2 | <toplevel> |
1329
| jquery-1.12.4 | use | src/tst.html:52:5:52:5 | $ |
14-
| jquery-2.0.1 | import | src/tst.html:0:0:0:0 | src/tst.html |
30+
| jquery-2.0.1 | import | src/tst.html:2:11:5:2 | <toplevel> |
31+
| jquery-2.0.1 | import | src/tst.html:6:11:8:2 | <toplevel> |
32+
| jquery-2.0.1 | import | src/tst.html:50:11:53:2 | <toplevel> |
1533
| jquery-2.0.1 | use | src/tst.html:4:3:4:3 | _ |
1634
| jquery-2.0.1 | use | src/tst.html:7:5:7:5 | _ |
1735
| jquery-2.0.1 | use | src/tst.html:52:5:52:5 | $ |
18-
| jquery-2.2.4 | import | src/tst.html:0:0:0:0 | src/tst.html |
36+
| jquery-2.2.4 | import | src/tst.html:2:11:5:2 | <toplevel> |
37+
| jquery-2.2.4 | import | src/tst.html:6:11:8:2 | <toplevel> |
38+
| jquery-2.2.4 | import | src/tst.html:50:11:53:2 | <toplevel> |
1939
| jquery-2.2.4 | use | src/tst.html:52:5:52:5 | $ |
20-
| jquery-3.1.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
40+
| jquery-3.1.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
41+
| jquery-3.1.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
42+
| jquery-3.1.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
2143
| jquery-3.1.0 | use | src/tst.html:52:5:52:5 | $ |
22-
| jquery-mobile-1.4.5 | import | src/tst.html:0:0:0:0 | src/tst.html |
23-
| jquery-textext-1.3.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
24-
| jquery-ui-1.7.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
44+
| jquery-mobile-1.4.5 | import | src/tst.html:2:11:5:2 | <toplevel> |
45+
| jquery-mobile-1.4.5 | import | src/tst.html:6:11:8:2 | <toplevel> |
46+
| jquery-mobile-1.4.5 | import | src/tst.html:50:11:53:2 | <toplevel> |
47+
| jquery-textext-1.3.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
48+
| jquery-textext-1.3.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
49+
| jquery-textext-1.3.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
50+
| jquery-ui-1.7.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
51+
| jquery-ui-1.7.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
52+
| jquery-ui-1.7.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
2553
| jquery-ui-1.7.0 | use | src/tst.html:52:5:52:8 | $.ui |
26-
| jquery-ui-1.12.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
54+
| jquery-ui-1.12.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
55+
| jquery-ui-1.12.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
56+
| jquery-ui-1.12.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
2757
| jquery-ui-1.12.0 | use | src/tst.html:52:5:52:8 | $.ui |
28-
| knockout-3.4.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
29-
| lodash-2.0.2 | import | src/tst.html:0:0:0:0 | src/tst.html |
58+
| knockout-3.4.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
59+
| knockout-3.4.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
60+
| knockout-3.4.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
61+
| lodash-2.0.2 | import | src/tst.html:2:11:5:2 | <toplevel> |
62+
| lodash-2.0.2 | import | src/tst.html:6:11:8:2 | <toplevel> |
63+
| lodash-2.0.2 | import | src/tst.html:50:11:53:2 | <toplevel> |
3064
| lodash-2.0.2 | use | src/tst.html:4:3:4:3 | _ |
3165
| lodash-2.0.2 | use | src/tst.html:7:5:7:5 | _ |
3266
| lodash-2.0.2 | use | src/tst.html:52:5:52:5 | $ |
33-
| lodash-3.4.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
67+
| lodash-3.4.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
68+
| lodash-3.4.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
69+
| lodash-3.4.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
3470
| lodash-3.4.0 | use | src/tst.html:4:3:4:3 | _ |
3571
| lodash-3.4.0 | use | src/tst.html:7:5:7:5 | _ |
36-
| lodash-4.15.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
72+
| lodash-4.15.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
73+
| lodash-4.15.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
74+
| lodash-4.15.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
3775
| lodash-4.15.0 | use | src/tst.html:4:3:4:3 | _ |
3876
| lodash-4.15.0 | use | src/tst.html:7:5:7:5 | _ |
39-
| modernizr-2.8.3 | import | src/tst.html:0:0:0:0 | src/tst.html |
40-
| mootools-1.6.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
41-
| polymer-0.3.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
42-
| prototype-1.7.3 | import | src/tst.html:0:0:0:0 | src/tst.html |
43-
| react-15.3.1 | import | src/tst.html:0:0:0:0 | src/tst.html |
44-
| scriptaculous-1.9.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
45-
| swagger-ui-1.0.12 | import | src/tst.html:0:0:0:0 | src/tst.html |
46-
| underscore-1.8.3 | import | src/tst.html:0:0:0:0 | src/tst.html |
77+
| modernizr-2.8.3 | import | src/tst.html:2:11:5:2 | <toplevel> |
78+
| modernizr-2.8.3 | import | src/tst.html:6:11:8:2 | <toplevel> |
79+
| modernizr-2.8.3 | import | src/tst.html:50:11:53:2 | <toplevel> |
80+
| mootools-1.6.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
81+
| mootools-1.6.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
82+
| mootools-1.6.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
83+
| polymer-0.3.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
84+
| polymer-0.3.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
85+
| polymer-0.3.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
86+
| prototype-1.7.3 | import | src/tst.html:2:11:5:2 | <toplevel> |
87+
| prototype-1.7.3 | import | src/tst.html:6:11:8:2 | <toplevel> |
88+
| prototype-1.7.3 | import | src/tst.html:50:11:53:2 | <toplevel> |
89+
| react-15.3.1 | import | src/tst.html:2:11:5:2 | <toplevel> |
90+
| react-15.3.1 | import | src/tst.html:6:11:8:2 | <toplevel> |
91+
| react-15.3.1 | import | src/tst.html:50:11:53:2 | <toplevel> |
92+
| scriptaculous-1.9.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
93+
| scriptaculous-1.9.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
94+
| scriptaculous-1.9.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
95+
| swagger-ui-1.0.12 | import | src/tst.html:2:11:5:2 | <toplevel> |
96+
| swagger-ui-1.0.12 | import | src/tst.html:6:11:8:2 | <toplevel> |
97+
| swagger-ui-1.0.12 | import | src/tst.html:50:11:53:2 | <toplevel> |
98+
| underscore-1.8.3 | import | src/tst.html:2:11:5:2 | <toplevel> |
99+
| underscore-1.8.3 | import | src/tst.html:6:11:8:2 | <toplevel> |
100+
| underscore-1.8.3 | import | src/tst.html:50:11:53:2 | <toplevel> |
47101
| underscore-1.8.3 | use | src/tst.html:4:3:4:3 | _ |
48102
| underscore-1.8.3 | use | src/tst.html:7:5:7:5 | _ |
49-
| vue-0.7.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
50-
| yui-3.18.0 | import | src/tst.html:0:0:0:0 | src/tst.html |
103+
| vue-0.7.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
104+
| vue-0.7.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
105+
| vue-0.7.0 | import | src/tst.html:50:11:53:2 | <toplevel> |
106+
| yui-3.18.0 | import | src/tst.html:2:11:5:2 | <toplevel> |
107+
| yui-3.18.0 | import | src/tst.html:6:11:8:2 | <toplevel> |
108+
| yui-3.18.0 | import | src/tst.html:50:11:53:2 | <toplevel> |

javascript/ql/test/query-tests/Metrics/ExternalDependencies/ExternalDependencies.expected

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1+
| /src/tst.html<\|>jquery<\|>23.0.0 | 4 |
12
| /src/a.js<\|>lib3<\|>unknown | 3 |
2-
| /src/tst.html<\|>jquery<\|>23.0.0 | 3 |
3+
| /src/tst.html<\|>jquery<\|>42.0.0 | 3 |
34
| /src/a.js<\|>lib1<\|>1.0.2 | 2 |
45
| /src/b.js<\|>lib3<\|>unknown | 2 |
5-
| /src/tst.html<\|>jquery<\|>42.0.0 | 2 |
66
| /src/a.js<\|>lib2<\|>1.0.0 | 1 |
77
| /src/b.js<\|>lib2<\|>1.0.0 | 1 |
88
| /src/sub/c.js<\|>lib1<\|>1.0.2 | 1 |

0 commit comments

Comments
 (0)