JS: Ignore more webpack modules

asgerf · asgerf · commit 1c2fdc8df948 · 2023-04-19T10:29:14.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Bundling.qll b/javascript/ql/lib/semmle/javascript/frameworks/Bundling.qll
@@ -106,10 +106,10 @@ private predicate isBrowserifyDependencyMap(ObjectExpr deps) {
  * or their name must contain the substring "webpack_require"
  * or "webpack_module_template_argument".
  */
-private predicate isWebpackModule(FunctionExpr m) {
+private predicate isWebpackModule(Function m) {
   forex(Parameter parm | parm = m.getAParameter() |
     exists(string name | name = parm.getName() |
-      name.regexpMatch("module|exports|.*webpack_require.*|.*webpack_module_template_argument.*")
+      name.regexpMatch("module|exports|.*webpack_require.*|.*webpack_module_template_argument.*|.*unused_webpack_module.*")
     )
   )
 }
@@ -161,6 +161,23 @@ predicate isWebpackBundle(ArrayExpr ae) {
   )
 }
 
+/**
+ * Holds if `object` looks like a Webpack bundle of form:
+ * ```javascript
+ * var __webpack_modules__ = ({
+ *   "file1": ((module, __webpack__exports__, __webpack_require__) => ...)
+ *   ...
+ * })
+ * ```
+ */
+predicate isWebpackNamedBundle(ObjectExpr object) {
+  isWebpackModule(object.getAProperty().getInit().getUnderlyingValue()) and
+  exists(VarDef def |
+    def.getSource().(Expr).getUnderlyingValue() = object and
+    def.getTarget().(VarRef).getName() = "__webpack_modules__"
+  )
+}
+
 /**
  * Holds if `tl` is a collection of concatenated files by [atpackager](https://github.com/ariatemplates/atpackager).
  */
@@ -233,7 +250,8 @@ predicate isDirectiveBundle(TopLevel tl) { exists(BundleDirective d | d.getTopLe
 predicate isBundle(TopLevel tl) {
   exists(Expr e | e.getTopLevel() = tl |
     isBrowserifyBundle(e) or
-    isWebpackBundle(e)
+    isWebpackBundle(e) or
+    isWebpackNamedBundle(e)
   )
   or
   isMultiPartBundle(tl)
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll b/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll
@@ -4,6 +4,7 @@
 
 private import codeql.regex.nfa.NfaUtils as NfaUtils
 private import codeql.regex.RegexTreeView
+private import semmle.javascript.frameworks.Bundling
 
 /** An implementation that parses a regular expression into a tree of `RegExpTerm`s. */
 module RegExpTreeView implements RegexTreeViewSig {
@@ -42,7 +43,11 @@ module RegExpTreeView implements RegexTreeViewSig {
    *
    * For javascript we make the pragmatic performance optimization to ignore minified files.
    */
-  predicate isExcluded(RegExpParent parent) { parent.(Expr).getTopLevel().isMinified() }
+  predicate isExcluded(RegExpParent parent) {
+    parent.(Expr).getTopLevel().isMinified()
+    or
+    isBundle(parent.(Expr).getTopLevel())
+  }
 
   /**
    * Holds if `root` has the `i` flag for case-insensitive matching.
