make ApiLabel into a IPA type, and cache the public API of ApiGraphs

erik-krogh · erik-krogh · commit 089d030bc26b · 2021-11-22T09:03:33.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/D3.qll b/javascript/ql/lib/semmle/javascript/frameworks/D3.qll
@@ -23,7 +23,7 @@ module D3 {
     or
     result = API::moduleImport("d3-node").getInstance().getMember("d3")
     or
-    result = API::root().getASuccessor(any(D3GlobalEntry i))
+    result = any(D3GlobalEntry i).getNode()
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/History.qll b/javascript/ql/lib/semmle/javascript/frameworks/History.qll
@@ -17,7 +17,7 @@ module History {
    * Gets a reference to the [`history`](https://npmjs.org/package/history) library.
    */
   private API::Node history() {
-    result = [API::moduleImport("history"), API::root().getASuccessor(any(HistoryGlobalEntry h))]
+    result = [API::moduleImport("history"), any(HistoryGlobalEntry h).getNode()]
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll b/javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll
@@ -27,7 +27,7 @@ private module Immutable {
   API::Node immutableImport() {
     result = API::moduleImport("immutable")
     or
-    result = API::root().getASuccessor(any(ImmutableGlobalEntry i))
+    result = any(ImmutableGlobalEntry i).getNode()
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Logging.qll b/javascript/ql/lib/semmle/javascript/frameworks/Logging.qll
@@ -45,7 +45,7 @@ private module Console {
    */
   private API::Node console() {
     result = API::moduleImport("console") or
-    result = API::root().getASuccessor(any(ConsoleGlobalEntry e))
+    result = any(ConsoleGlobalEntry e).getNode()
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Nest.qll b/javascript/ql/lib/semmle/javascript/frameworks/Nest.qll
@@ -151,7 +151,7 @@ module NestJS {
   private API::Node validationPipe() {
     result = nestjs().getMember("ValidationPipe")
     or
-    result = API::root().getASuccessor(any(ValidationNodeEntry e))
+    result = any(ValidationNodeEntry e).getNode()
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll b/javascript/ql/lib/semmle/javascript/frameworks/Redux.qll
@@ -1111,9 +1111,7 @@ module Redux {
 
     /** A heuristic call to `connect`, recognized by it taking arguments named `mapStateToProps` and `mapDispatchToProps`. */
     private class HeuristicConnectFunction extends ConnectCall {
-      HeuristicConnectFunction() {
-        this = API::root().getASuccessor(any(HeuristicConnectEntryPoint e)).getACall()
-      }
+      HeuristicConnectFunction() { this = any(HeuristicConnectEntryPoint e).getNode().getACall() }
 
       override API::Node getMapStateToProps() {
         result = getAParameter() and
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll b/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll
@@ -35,7 +35,7 @@ module Vue {
   API::Node vueLibrary() {
     result = API::moduleImport("vue")
     or
-    result = API::root().getASuccessor(any(GlobalVueEntryPoint e))
+    result = any(GlobalVueEntryPoint e).getNode()
   }
 
   /**
@@ -51,7 +51,7 @@ module Vue {
     or
     result = vueLibrary().getMember("component").getReturn()
     or
-    result = API::root().getASuccessor(any(VueFileImportEntryPoint e))
+    result = any(VueFileImportEntryPoint e).getNode()
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll
@@ -233,6 +233,43 @@ module Stages {
     }
   }
 
+  /**
+   * The `APIStage` stage.
+   */
+  cached
+  module APIStage {
+    /**
+     * Always holds.
+     * Ensures that a predicate is evaluated as part of the APIStage stage.
+     */
+    cached
+    predicate ref() { 1 = 1 }
+
+    /**
+     * DONT USE!
+     * Contains references to each predicate that use the above `ref` predicate.
+     */
+    cached
+    predicate backref() {
+      1 = 1
+      or
+      exists(
+        API::moduleImport("foo")
+            .getMember("bar")
+            .getUnknownMember()
+            .getAMember()
+            .getAParameter()
+            .getPromised()
+            .getReturn()
+            .getParameter(2)
+            .getUnknownMember()
+            .getInstance()
+            .getReceiver()
+            .getPromisedError()
+      )
+    }
+  }
+
   /**
    * The `taint` stage.
    */
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
@@ -211,11 +211,9 @@ module ExternalAPIUsedWithUntrustedData {
         node = getNamedParameter(base.getAParameter(), paramName) and
         result = basename + ".[callback].[param '" + paramName + "']"
         or
-        exists(string callbackName, string index |
-          node =
-            getNamedParameter(base.getASuccessor("parameter " + index).getMember(callbackName),
-              paramName) and
-          index != "-1" and // ignore receiver
+        exists(string callbackName, int index |
+          node = getNamedParameter(base.getParameter(index).getMember(callbackName), paramName) and
+          index != -1 and // ignore receiver
           result =
             basename + ".[callback " + index + " '" + callbackName + "'].[param '" + paramName +
               "']"
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -117,16 +117,23 @@ private class RemoteFlowSourceAccessPath extends JSONString {
   string getSourceType() { result = sourceType }
 
   /** Gets the `i`th component of the access path specifying this remote flow source. */
-  string getComponent(int i) {
+  API::ApiLabel getComponent(int i) {
     exists(string raw | raw = this.getValue().splitAt(".", i + 1) |
       i = 0 and
-      result = "ExternalRemoteFlowSourceSpec " + raw
+      result
+          .(API::EdgeLabel::LabelEntryPoint)
+          .getEntryPoint()
+          .(ExternalRemoteFlowSourceSpecEntryPoint)
+          .getName() = raw
       or
       i > 0 and
       result = API::EdgeLabel::member(raw)
     )
   }
 
+  /** Gets the first part of this access path. E.g. for "window.user.name" the result is "window". */
+  string getRootPath() { result = this.getValue().splitAt(".", 1) }
+
   /** Gets the index of the last component of this access path. */
   int getMaxComponentIndex() { result = max(int i | exists(getComponent(i))) }
 
@@ -154,10 +161,12 @@ private class ExternalRemoteFlowSourceSpecEntryPoint extends API::EntryPoint {
   string name;
 
   ExternalRemoteFlowSourceSpecEntryPoint() {
-    this = any(RemoteFlowSourceAccessPath s).getComponent(0) and
+    name = any(RemoteFlowSourceAccessPath s).getRootPath() and
     this = "ExternalRemoteFlowSourceSpec " + name
   }
 
+  string getName() { result = name }
+
   override DataFlow::SourceNode getAUse() { result = DataFlow::globalVarRef(name) }
 
   override DataFlow::Node getARhs() { none() }
diff --git a/javascript/ql/src/meta/ApiGraphs/ApiGraphEdges.ql b/javascript/ql/src/meta/ApiGraphs/ApiGraphEdges.ql
@@ -12,4 +12,4 @@ import javascript
 import meta.MetaMetrics
 
 select projectRoot(),
-  count(API::Node pred, string lbl, API::Node succ | succ = pred.getASuccessor(lbl))
+  count(API::Node pred, API::ApiLabel lbl, API::Node succ | succ = pred.getASuccessor(lbl))
diff --git a/javascript/ql/test/ApiGraphs/VerifyAssertions.qll b/javascript/ql/test/ApiGraphs/VerifyAssertions.qll
@@ -62,7 +62,8 @@ class Assertion extends Comment {
     i = getPathLength() and
     result = API::root()
     or
-    result = lookup(i + 1).getASuccessor(getEdgeLabel(i))
+    result =
+      lookup(i + 1).getASuccessor(any(API::ApiLabel label | label.toString() = getEdgeLabel(i)))
   }
 
   predicate isNegative() { polarity = "!" }
@@ -79,7 +80,11 @@ class Assertion extends Comment {
       then
         suffix =
           "it does have outgoing edges labelled " +
-            concat(string lbl | exists(nd.getASuccessor(lbl)) | lbl, ", ") + "."
+            concat(string lbl |
+              exists(nd.getASuccessor(any(API::ApiLabel label | label.toString() = lbl)))
+            |
+              lbl, ", "
+            ) + "."
       else suffix = "it has no outgoing edges at all."
     |
       result = prefix + " " + suffix

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ module D3 {`
`23`	`23`	`or`
`24`	`24`	`result = API::moduleImport("d3-node").getInstance().getMember("d3")`
`25`	`25`	`or`
`26`		`- result = API::root().getASuccessor(any(D3GlobalEntry i))`
	`26`	`+ result = any(D3GlobalEntry i).getNode()`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ module History {`
`17`	`17`	* Gets a reference to the [`history`](https://npmjs.org/package/history) library.
`18`	`18`	`*/`
`19`	`19`	`private API::Node history() {`
`20`		`- result = [API::moduleImport("history"), API::root().getASuccessor(any(HistoryGlobalEntry h))]`
	`20`	`+ result = [API::moduleImport("history"), any(HistoryGlobalEntry h).getNode()]`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ private module Immutable {`
`27`	`27`	`API::Node immutableImport() {`
`28`	`28`	`result = API::moduleImport("immutable")`
`29`	`29`	`or`
`30`		`- result = API::root().getASuccessor(any(ImmutableGlobalEntry i))`
	`30`	`+ result = any(ImmutableGlobalEntry i).getNode()`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ private module Console {`
`45`	`45`	`*/`
`46`	`46`	`private API::Node console() {`
`47`	`47`	`result = API::moduleImport("console") or`
`48`		`- result = API::root().getASuccessor(any(ConsoleGlobalEntry e))`
	`48`	`+ result = any(ConsoleGlobalEntry e).getNode()`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@ module NestJS {`
`151`	`151`	`private API::Node validationPipe() {`
`152`	`152`	`result = nestjs().getMember("ValidationPipe")`
`153`	`153`	`or`
`154`		`- result = API::root().getASuccessor(any(ValidationNodeEntry e))`
	`154`	`+ result = any(ValidationNodeEntry e).getNode()`
`155`	`155`	`}`
`156`	`156`
`157`	`157`	`/**`