@@ -254,9 +254,15 @@ class GraphqlFieldDefinitionMethodCall extends GraphqlSchemaObjectClassMethodCal
254254 /** Gets the name of this GraphQL field. */
255255 string getFieldName ( ) { result = this .getArgument ( 0 ) .getConstantValue ( ) .getStringlikeValue ( ) }
256256
257+ /**
258+ * Gets the type of this field.
259+ */
257260 GraphqlType getFieldType ( ) { result = this .getArgument ( 1 ) }
258261
259- GraphqlFieldArgumentDefinitionMethodCall getArgumentCall ( ) {
262+ /**
263+ * Gets an argument call inside this field definition.
264+ */
265+ GraphqlFieldArgumentDefinitionMethodCall getAnArgumentCall ( ) {
260266 result .getEnclosingCallable ( ) = this .getBlock ( )
261267 }
262268}
@@ -300,20 +306,20 @@ private class GraphqlFieldArgumentDefinitionMethodCall extends GraphqlSchemaObje
300306 GraphqlType getArgumentType ( ) { result = this .getArgument ( 1 ) }
301307}
302308
303- private DataFlow:: LocalSourceNode graphQlEnum ( ) {
304- result =
305- API:: getTopLevelMember ( "GraphQL" )
306- .getMember ( "Schema" )
307- .getMember ( "Enum" )
308- .getADescendentModule ( )
309- .getAnImmediateReference ( )
310- }
311-
312309private class GraphqlType extends ConstantAccess {
310+ /**
311+ * Gets the module corresponding to this type, if it exists.
312+ */
313313 Module getModule ( ) { result .getAnImmediateReference ( ) = this }
314314
315+ /**
316+ * Gets a field of this type, if it is an object type.
317+ */
315318 GraphqlType getAField ( ) { result = this .getField ( _) }
316319
320+ /**
321+ * Gets the field of this type named `name`, if it exists.
322+ */
317323 GraphqlType getField ( string name ) {
318324 result =
319325 any ( GraphqlFieldDefinitionMethodCall field |
@@ -322,10 +328,22 @@ private class GraphqlType extends ConstantAccess {
322328 ) .getFieldType ( )
323329 }
324330
325- predicate isEnum ( ) { graphQlEnum ( ) .asExpr ( ) .getExpr ( ) = this }
326-
327- predicate isUserControlled ( ) { this .getName ( ) = [ "String" , "ID" , "JSON" ] }
331+ /**
332+ * Holds if this type is an enum.
333+ */
334+ predicate isEnum ( ) {
335+ API:: getTopLevelMember ( "GraphQL" )
336+ .getMember ( "Schema" )
337+ .getMember ( "Enum" )
338+ .getADescendentModule ( )
339+ .getAnImmediateReference ( )
340+ .asExpr ( )
341+ .getExpr ( ) = this
342+ }
328343
344+ /**
345+ * Holds if this type is scalar - i.e. it is neither an object or an enum.
346+ */
329347 predicate isScalar ( ) { not exists ( this .getAField ( ) ) and not this .isEnum ( ) }
330348}
331349
@@ -401,7 +419,7 @@ class GraphqlFieldResolutionMethod extends Method, Http::Server::RequestHandler:
401419 override Parameter getARoutedParameter ( ) {
402420 result = this .getAParameter ( ) and
403421 exists ( GraphqlFieldArgumentDefinitionMethodCall argDefn |
404- argDefn = this .getDefinition ( ) .getArgumentCall ( )
422+ argDefn = this .getDefinition ( ) .getAnArgumentCall ( )
405423 |
406424 result .( KeywordParameter ) .hasName ( argDefn .getArgumentName ( ) )
407425 )
@@ -426,7 +444,7 @@ private DataFlow::CallNode parameterAccess(
426444 HashSplatParameter param , string key , GraphqlType type
427445) {
428446 param = method .getARoutedParameter ( ) and
429- def = method .getDefinition ( ) .getArgumentCall ( ) and
447+ def = method .getDefinition ( ) .getAnArgumentCall ( ) and
430448 (
431449 // Direct access to the params hash
432450 def .getArgumentType ( ) = type and
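Review bot: The new doc comment on `isScalar` in `GraphqlType` reads as a positive classification, but the body defines the predicate purely by negation (`not exists(this.getAField()) and not this.isEnum()`). As far as the visible lines show, any type for which no field definition and no enum reference is found also holds, which would include a type constant that could not be resolved. If callers use this predicate to decide which field arguments are treated as user-controlled (presumably, given the removed `isUserControlled`; those callers are outside the visible hunks), the over-approximation should be stated in the comment. Suggested text: `Holds if this type is scalar, i.e. no fields were found for it and it is not an enum. Types that cannot be resolved also count as scalar.` This also replaces the "neither ... or" wording.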