JS: Use type resolution for CG augmentation

asgerf · asgerf · commit 307715a5cdc2 · 2025-05-20T13:20:17.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/Expr.qll b/javascript/ql/lib/semmle/javascript/Expr.qll
@@ -4,6 +4,7 @@
 
 import javascript
 private import semmle.javascript.internal.CachedStages
+private import semmle.javascript.internal.TypeResolution
 
 /**
  * A program element that is either an expression or a type annotation.
@@ -1017,7 +1018,11 @@ class InvokeExpr extends @invokeexpr, Expr {
    * Note that the resolved function may be overridden in a subclass and thus is not
    * necessarily the actual target of this invocation at runtime.
    */
-  Function getResolvedCallee() { result = this.getResolvedCalleeName().getImplementation() }
+  Function getResolvedCallee() {
+    TypeResolution::callTarget(this, result)
+    or
+    result = this.getResolvedCalleeName().getImplementation()
+  }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll b/javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll
@@ -111,7 +111,7 @@ module TypeResolution {
       member.(AST::ValueNode).flow(), contents)
   }
 
-  private predicate callTarget(InvokeExpr call, Function target) {
+  predicate callTarget(InvokeExpr call, Function target) {
     exists(ClassDefinition cls |
       valueHasType(call.(NewExpr).getCallee(), trackClassValue(cls)) and
       target = cls.getConstructor().getBody()

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ module TypeResolution {`
`111`	`111`	`member.(AST::ValueNode).flow(), contents)`
`112`	`112`	`}`
`113`	`113`
`114`		`- private predicate callTarget(InvokeExpr call, Function target) {`
	`114`	`+ predicate callTarget(InvokeExpr call, Function target) {`
`115`	`115`	`exists(ClassDefinition cls \|`
`116`	`116`	`valueHasType(call.(NewExpr).getCallee(), trackClassValue(cls)) and`
`117`	`117`	`target = cls.getConstructor().getBody()`