Merge pull request github#8606 from asgerf/js/api-graph-api

JS/Python/Ruby: Document how API graphs should be interpreted

Author: asgerf

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll

@@ -144,9 +144,9 @@ private module AccessPaths {
       not param = base.getReceiver()
     |
       result = param and
-      name = param.getAnImmediateUse().asExpr().(Parameter).getName()
+      name = param.asSource().asExpr().(Parameter).getName()
       or
-      param.getAnImmediateUse().asExpr() instanceof DestructuringPattern and
+      param.asSource().asExpr() instanceof DestructuringPattern and
       result = param.getMember(name)
     )
   }

javascript/ql/lib/semmle/javascript/ApiGraphs.qll

@@ -29,7 +29,7 @@ private class PlainJsonParserCall extends JsonParserCall {
       callee =
         DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
           "parse") or
-      callee = API::moduleImport("replicator").getInstance().getMember("decode").getAnImmediateUse() or
+      callee = API::moduleImport("replicator").getInstance().getMember("decode").asSource() or
       callee = DataFlow::moduleImport("parse-json") or
       callee = DataFlow::moduleImport("json-parse-better-errors") or
       callee = DataFlow::moduleImport("json-safe-parse") or

javascript/ql/lib/semmle/javascript/JsonParsers.qll

@@ -134,7 +134,7 @@ module JsonSchema {
               .ref()
               .getMember(["addSchema", "validate", "compile", "compileAsync"])
               .getParameter(0)
-              .getARhs()
+              .asSink()
       }
     }
   }
@@ -184,7 +184,7 @@ module JsonSchema {
       override boolean getPolarity() { none() }
 
       override DataFlow::Node getAValidationResultAccess(boolean polarity) {
-        result = this.getReturn().getMember("error").getAnImmediateUse() and
+        result = this.getReturn().getMember("error").asSource() and
         polarity = false
       }
     }

javascript/ql/lib/semmle/javascript/JsonSchema.qll

@@ -14,7 +14,7 @@ class JsonStringifyCall extends DataFlow::CallNode {
       callee =
         DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
           "stringify") or
-      callee = API::moduleImport("replicator").getInstance().getMember("encode").getAnImmediateUse() or
+      callee = API::moduleImport("replicator").getInstance().getMember("encode").asSource() or
       callee =
         DataFlow::moduleImport([
             "json-stringify-safe", "json-stable-stringify", "stringify-object",

javascript/ql/lib/semmle/javascript/JsonStringifiers.qll

@@ -198,7 +198,7 @@ module Babel {
               .getMember(["transform", "transformSync", "transformAsync"])
               .getACall() and
         pred = call.getArgument(0) and
-        succ = [call, call.getParameter(2).getParameter(0).getAnImmediateUse()]
+        succ = [call, call.getParameter(2).getParameter(0).asSource()]
       )
     }
   }

javascript/ql/lib/semmle/javascript/frameworks/Babel.qll

@@ -14,7 +14,7 @@ module Cheerio {
   }
 
   /** Gets a reference to the `cheerio` function, possibly with a loaded DOM. */
-  DataFlow::SourceNode cheerioRef() { result = cheerioApi().getAUse() }
+  DataFlow::SourceNode cheerioRef() { result = cheerioApi().getAValueReachableFromSource() }
 
   /**
    * A creation of `cheerio` object, a collection of virtual DOM elements

javascript/ql/lib/semmle/javascript/frameworks/Cheerio.qll

@@ -39,7 +39,8 @@ module ClassValidator {
 
   /** Holds if the given field has a decorator that sanitizes its value for the purpose of taint tracking. */
   predicate isFieldSanitizedByDecorator(FieldDefinition field) {
-    field.getADecorator().getExpression().flow() = sanitizingDecorator().getReturn().getAUse()
+    field.getADecorator().getExpression().flow() =
+      sanitizingDecorator().getReturn().getAValueReachableFromSource()
   }
 
   pragma[noinline]

javascript/ql/lib/semmle/javascript/frameworks/ClassValidator.qll

@@ -265,7 +265,7 @@ module ClientRequest {
       or
       responseType = this.getResponseType() and
       promise = false and
-      result = this.getReturn().getPromisedError().getMember("response").getAnImmediateUse()
+      result = this.getReturn().getPromisedError().getMember("response").asSource()
     }
   }
 
@@ -463,7 +463,7 @@ module ClientRequest {
    */
   private API::Node netSocketInstantiation(DataFlow::NewNode socket) {
     result = API::moduleImport("net").getMember("Socket").getInstance() and
-    socket = result.getAnImmediateUse()
+    socket = result.asSource()
   }
 
   /**
@@ -827,7 +827,7 @@ module ClientRequest {
     class ApolloClientRequest extends ClientRequest::Range, API::InvokeNode {
       ApolloClientRequest() { this = apolloUriCallee().getAnInvocation() }
 
-      override DataFlow::Node getUrl() { result = this.getParameter(0).getMember("uri").getARhs() }
+      override DataFlow::Node getUrl() { result = this.getParameter(0).getMember("uri").asSink() }
 
       override DataFlow::Node getHost() { none() }
 
@@ -848,10 +848,10 @@ module ClientRequest {
 
     override DataFlow::Node getUrl() { result = this.getArgument(0) }
 
-    override DataFlow::Node getHost() { result = this.getParameter(0).getMember("host").getARhs() }
+    override DataFlow::Node getHost() { result = this.getParameter(0).getMember("host").asSink() }
 
     override DataFlow::Node getADataNode() {
-      result = form.getMember("append").getACall().getParameter(1).getARhs()
+      result = form.getMember("append").getACall().getParameter(1).asSink()
     }
   }
 }

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -21,7 +21,7 @@ private class CredentialsFromModel extends CredentialsExpr {
   string kind;
 
   CredentialsFromModel() {
-    this = ModelOutput::getASinkNode("credentials[" + kind + "]").getARhs().asExpr()
+    this = ModelOutput::getASinkNode("credentials[" + kind + "]").asSink().asExpr()
   }
 
   override string getCredentialsKind() { result = kind }