JS: Move fastify-specific route handler step into extension point

Author: asgerf

javascript/ql/lib/semmle/javascript/Routing.qll

@@ -419,6 +419,8 @@ module Routing {
         or
         HTTP::routeHandlerStep(result, this)
         or
+        RouteHandlerTrackingStep::step(result, this)
+        or
         exists(string prop |
           StepSummary::smallstep(result, getSourceProp(prop).getALocalUse(), StoreStep(prop))
         )
@@ -496,6 +498,22 @@ module Routing {
     }
   }
 
+  /**
+   * An edge that should be used for tracking route handler definitions to their use-sites.
+   *
+   * This may be subclassed by framework models to contribute additional steps.
+   */
+  class RouteHandlerTrackingStep extends Unit {
+    /** Holds if route handlers should be propagated along the edge `pred -> succ`. */
+    predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
+  }
+
+  private module RouteHandlerTrackingStep {
+    predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      any(RouteHandlerTrackingStep s).step(pred, succ)
+    }
+  }
+
   /**
    * A node in the routing tree which has no parent.
    */

javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll

@@ -404,4 +404,14 @@ module Fastify {
       )
     }
   }
+
+  private class RouteHandlerTracking extends Routing::RouteHandlerTrackingStep {
+    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(DataFlow::CallNode call |
+        call = DataFlow::moduleImport("fastify-plugin") and
+        pred = call.getArgument(0) and
+        succ = call
+      )
+    }
+  }
 }

javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll

@@ -234,12 +234,6 @@ module HTTP {
     or
     // references to class methods
     succ = CallGraph::callgraphStep(pred, DataFlow::TypeTracker::end())
-    or
-    exists(DataFlow::CallNode call |
-      call = DataFlow::moduleImport("fastify-plugin") and
-      pred = call.getArgument(0) and
-      succ = call
-    )
   }
 
   /**