NestJS dependency Injection support useFactory provider

Author: Vasco-jofra

javascript/ql/lib/semmle/javascript/frameworks/Nest.qll

@@ -519,12 +519,20 @@ module NestJS {
           .(DataFlow::ArrayCreationNode)
           .getAnElement()
   }
+  private DataFlow::Node getConcreteClassFromProviderTuple(DataFlow::SourceNode tuple) {
+    result = tuple.getAPropertyWrite("useClass").getRhs()
+    or
+    exists(DataFlow::FunctionNode f |
+      f = tuple.getAPropertyWrite("useFactory").getRhs().getALocalSource() and
+      result.getAstNode() = f.getFunction().getAReturnedExpr().getType().(ClassType).getClass()
+    )
+  }
 
   private predicate providerPair(DataFlow::Node interface, DataFlow::Node concreteClass) {
     exists(DataFlow::SourceNode tuple |
       tuple = providerTuple().getALocalSource() and
       interface = tuple.getAPropertyWrite("provide").getRhs() and
-      concreteClass = tuple.getAPropertyWrite("useClass").getRhs()
+      concreteClass = getConcreteClassFromProviderTuple(tuple)
     )
   }
 

javascript/ql/test/library-tests/frameworks/Nest/global/app.module.ts

@@ -1,12 +1,19 @@
 import { Module } from '@nestjs/common';
 import { Controller } from './validation';
-import { Foo } from './foo.interface';
-import { FooImpl } from './foo.impl';
+import { Foo, Foo2 } from './foo.interface';
+import { FooImpl, Foo2Impl } from './foo.impl';
 
 @Module({
-    controllers: [Controller],
-    providers: [{
-        provide: Foo, useClass: FooImpl
-    }],
+  controllers: [Controller],
+  providers: [
+    {
+      provide: Foo,
+      useClass: FooImpl
+    },
+    {
+      provide: Foo2,
+      useFactory: () => new Foo2Impl()
+    }
+  ],
 })
 export class AppModule { }

javascript/ql/test/library-tests/frameworks/Nest/global/foo.impl.ts

@@ -1,7 +1,13 @@
-import { Foo } from "./foo.interface";
+import { Foo , Foo2 } from "./foo.interface";
 
 export class FooImpl extends Foo {
     fooMethod(x: string) {
         sink(x); // $ hasValueFlow=x
     }
 }
+
+export class Foo2Impl extends Foo2 {
+    fooMethod(x: string) {
+        sink(x); // $ hasValueFlow=x
+    }
+}

javascript/ql/test/library-tests/frameworks/Nest/global/foo.interface.ts

@@ -1,3 +1,7 @@
 export abstract class Foo {
     abstract fooMethod(x: string): void;
 }
+
+export abstract class Foo2 {
+    abstract fooMethod(x: string): void;
+}

javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts

@@ -1,10 +1,10 @@
 import { Get, Query } from '@nestjs/common';
 import { IsIn } from 'class-validator';
-import { Foo } from './foo.interface';
+import { Foo, Foo2 } from './foo.interface';
 
 export class Controller {
   constructor(
-    private readonly foo: Foo
+    private readonly foo: Foo, private readonly foo2: Foo2
   ) { }
 
   @Get()
@@ -16,6 +16,7 @@ export class Controller {
   @Get()
   route2(@Query('x') x: string) {
     this.foo.fooMethod(x);
+    this.foo2.fooMethod(x);
   }
 }
 

javascript/ql/test/library-tests/frameworks/Nest/test.expected

@@ -1,7 +1,7 @@
 testFailures
 routeHandler
 | global/validation.ts:11:3:14:3 | route1( ...  OK\\n  } |
-| global/validation.ts:17:3:19:3 | route2( ... x);\\n  } |
+| global/validation.ts:17:3:20:3 | route2( ... x);\\n  } |
 | local/customDecorator.ts:18:3:20:3 | sneaky( ...  OK\\n  } |
 | local/customDecorator.ts:23:3:25:3 | safe(@S ...  OK\\n  } |
 | local/customPipe.ts:20:5:22:5 | sanitiz ... K\\n    } |