JS: Add store step into namespace re-export specifier

asgerf · asgerf · commit 55b9724f595e · 2024-04-17T14:14:12.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -7,6 +7,7 @@
 
 import javascript
 private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps
+private import semmle.javascript.dataflow.internal.PreCallGraphStep
 private import internal.CachedStages
 
 /**
@@ -769,6 +770,12 @@ module API {
             rhs = m.getAnExportedValue(prop)
           )
           or
+          // In general, turn store steps into member steps for def-nodes
+          exists(string prop |
+            PreCallGraphStep::storeStep(rhs, pred, prop) and
+            lbl = Label::member(prop)
+          )
+          or
           exists(DataFlow::FunctionNode fn |
             fn = pred and
             lbl = Label::return()
diff --git a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
@@ -510,6 +510,9 @@ class ExportNamedDeclaration extends ExportDeclaration, @export_named_declaratio
       or
       exists(ReExportDeclaration red | red = this |
         result = red.getReExportedES2015Module().getAnExport().getSourceNode(spec.getLocalName())
+        or
+        spec instanceof ExportNamespaceSpecifier and
+        result = DataFlow::valueNode(spec)
       )
     )
   }
@@ -524,6 +527,19 @@ class ExportNamedDeclaration extends ExportDeclaration, @export_named_declaratio
   ExportSpecifier getASpecifier() { result = this.getSpecifier(_) }
 }
 
+private import semmle.javascript.dataflow.internal.PreCallGraphStep
+
+private class ExportNamespaceStep extends PreCallGraphStep {
+  override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
+    exists(ExportNamedDeclaration exprt, ExportNamespaceSpecifier spec |
+      spec = exprt.getASpecifier() and
+      pred =
+        exprt.(ReExportDeclaration).getReExportedES2015Module().getAnExport().getSourceNode(prop) and
+      succ = DataFlow::valueNode(spec)
+    )
+  }
+}
+
 /**
  * An export declaration with the `type` modifier.
  */
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
@@ -322,6 +322,7 @@ module SourceNode {
         astNode instanceof FunctionBindExpr or
         astNode instanceof DynamicImportExpr or
         astNode instanceof ImportSpecifier or
+        astNode instanceof ExportNamespaceSpecifier or
         astNode instanceof ImportMetaExpr or
         astNode instanceof TaggedTemplateExpr or
         astNode instanceof Templating::PipeRefExpr or
diff --git a/javascript/ql/test/ApiGraphs/reexport/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/reexport/VerifyAssertions.expected
@@ -1 +0,0 @@
-| lib/esmodule-reexported2.js:1:26:1:137 | /* def= ... wo") */ | def moduleImport("reexport").getMember("exports").getMember("esmodule") has no outgoing edge labelled getMember("lib2"); it does have outgoing edges labelled getMember("one"). |

Original file line number	Diff line number	Diff line change
`@@ -1 +0,0 @@`
`1`		`-\| lib/esmodule-reexported2.js:1:26:1:137 \| /* def= ... wo") */ \| def moduleImport("reexport").getMember("exports").getMember("esmodule") has no outgoing edge labelled getMember("lib2"); it does have outgoing edges labelled getMember("one"). \|`