JS: Also do this for use-steps and exclude pseudo-properties

Author: asgerf

javascript/ql/lib/semmle/javascript/ApiGraphs.qll

@@ -773,7 +773,8 @@ module API {
           // In general, turn store steps into member steps for def-nodes
           exists(string prop |
             PreCallGraphStep::storeStep(rhs, pred, prop) and
-            lbl = Label::member(prop)
+            lbl = Label::member(prop) and
+            not DataFlow::PseudoProperties::isPseudoProperty(prop)
           )
           or
           exists(DataFlow::FunctionNode fn |
@@ -941,7 +942,6 @@ module API {
           (base instanceof TNonModuleDef or base instanceof TUse)
         )
         or
-        // invocations
         exists(DataFlow::SourceNode src, DataFlow::SourceNode pred |
           use(base, src) and pred = trackUseNode(src)
         |
@@ -962,6 +962,13 @@ module API {
             or
             ref = cls.getAClassReference().getAnInstantiation()
           )
+          or
+          exists(string prop |
+            PreCallGraphStep::loadStep(pred.getALocalUse(), ref, prop) and
+            lbl = Label::member(prop) and
+            // avoid generating member edges like "$arrayElement$"
+            not DataFlow::PseudoProperties::isPseudoProperty(prop)
+          )
         )
         or
         exists(DataFlow::Node def, DataFlow::FunctionNode fn |

javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll

@@ -704,6 +704,10 @@ module SharedFlowStep {
  * For use with load/store steps in `DataFlow::SharedFlowStep` and TypeTracking.
  */
 module PseudoProperties {
+  /** Holds if `s` is a pseudo-property. */
+  bindingset[s]
+  predicate isPseudoProperty(string s) { s.matches("$%$") }
+
   bindingset[s]
   private string pseudoProperty(string s) { result = "$" + s + "$" }