Refactor ClientRequest to introduce GotInstance classes for improved handling of got instances and options retrieval.

Author: Napalys

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -415,20 +415,51 @@ module ClientRequest {
   }
 
   /**
-   * Gets a reference to an instance of the `got` library, including instances
-   * created through chained `extend` calls.
+   * Represents an instance of the `got` HTTP client library.
    */
-  private API::Node getAGotInstance() {
-    result = [API::moduleImport("got"), getAGotInstance().getMember("extend").getReturn()]
+  abstract private class GotInstance extends API::Node {
+    /**
+     * Gets the options object associated with this instance of `got`.
+     */
+    API::Node getOptions() { none() }
+  }
+
+  /**
+   * Represents the root `got` module import.
+   * For example: `const got = require('got')`.
+   */
+  private class RootGotInstance extends GotInstance {
+    RootGotInstance() { this = API::moduleImport("got") }
+  }
+
+  /**
+   * Represents an instance of `got` created by calling the `extend()` method.
+   * It may also be chained with multiple calls to `extend()`.
+   *
+   * For example: `const client = got.extend({ prefixUrl: 'https://example.com' })`.
+   */
+  private class ExtendGotInstance extends GotInstance {
+    private GotInstance base;
+    private API::CallNode extendCall;
+
+    ExtendGotInstance() {
+      extendCall = base.getMember("extend").getACall() and
+      this = extendCall.getReturn()
+    }
+
+    override API::Node getOptions() {
+      result = extendCall.getParameter(0) or result = base.getOptions()
+    }
   }
 
   /**
    * A model of a URL request made using the `got` library.
    */
   class GotUrlRequest extends ClientRequest::Range {
+    GotInstance got;
+
     GotUrlRequest() {
-      exists(API::Node callee, API::Node got | this = callee.getACall() |
-        got = getAGotInstance() and
+      exists(API::Node callee | this = callee.getACall() |
         callee =
           [
             got,
@@ -442,11 +473,8 @@ module ClientRequest {
       not exists(this.getOptionArgument(1, "baseUrl"))
       or
       // Handle URL from options passed to extend()
-      exists(API::CallNode extendCall |
-        extendCall = API::moduleImport("got").getMember("extend").getACall() and
-        result = extendCall.getParameter(0).getMember("url").asSink() and
-        not exists(this.getArgument(0))
-      )
+      result = got.getOptions().getMember("url").asSink() and
+      not exists(this.getArgument(0))
       or
       // Handle URL from options passed as third argument when first arg is undefined/missing
       exists(API::InvokeNode optionsCall |

javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected

@@ -264,13 +264,10 @@ test_getUrl
 | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined |
 | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined |
 | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url |
-| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:336:41:336:43 | url |
-| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:339:42:339:44 | url |
 | tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url |
 | tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url |
-| tst.js:337:5:337:20 | jsonClient.get() | tst.js:339:42:339:44 | url |
-| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:336:41:336:43 | url |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url |
+| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |