NestJS dependency injection support useValue provider

Author: Vasco-jofra

javascript/ql/lib/semmle/javascript/frameworks/Nest.qll

@@ -526,6 +526,9 @@ module NestJS {
       f = tuple.getAPropertyWrite("useFactory").getRhs().getALocalSource() and
       result.getAstNode() = f.getFunction().getAReturnedExpr().getType().(ClassType).getClass()
     )
+    or 
+    result.getAstNode() =
+      tuple.getAPropertyWrite("useValue").getRhs().asExpr().getType().(ClassType).getClass()
   }
 
   private predicate providerPair(DataFlow::Node interface, DataFlow::Node concreteClass) {

javascript/ql/test/library-tests/frameworks/Nest/global/app.module.ts

@@ -1,7 +1,9 @@
 import { Module } from '@nestjs/common';
 import { Controller } from './validation';
-import { Foo, Foo2 } from './foo.interface';
-import { FooImpl, Foo2Impl } from './foo.impl';
+import { Foo, Foo2, Foo3 } from './foo.interface';
+import { FooImpl, Foo2Impl, Foo3Impl } from './foo.impl';
+
+const foo3 = new Foo3Impl()
 
 @Module({
   controllers: [Controller],
@@ -13,6 +15,10 @@ import { FooImpl, Foo2Impl } from './foo.impl';
     {
       provide: Foo2,
       useFactory: () => new Foo2Impl()
+    },
+    {
+      provide: Foo3,
+      useValue: foo3
     }
   ],
 })

javascript/ql/test/library-tests/frameworks/Nest/global/foo.impl.ts

@@ -10,4 +10,10 @@ export class Foo2Impl extends Foo2 {
     fooMethod(x: string) {
         sink(x); // $ hasValueFlow=x
     }
+}
+
+export class Foo3Impl extends Foo2 {
+    fooMethod(x: string) {
+        sink(x); // $ hasValueFlow=x
+    }
 }

javascript/ql/test/library-tests/frameworks/Nest/global/foo.interface.ts

@@ -5,3 +5,7 @@ export abstract class Foo {
 export abstract class Foo2 {
     abstract fooMethod(x: string): void;
 }
+
+export abstract class Foo3 {
+    abstract fooMethod(x: string): void;
+}

javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts

@@ -1,10 +1,10 @@
 import { Get, Query } from '@nestjs/common';
 import { IsIn } from 'class-validator';
-import { Foo, Foo2 } from './foo.interface';
+import { Foo, Foo2, Foo3 } from './foo.interface';
 
 export class Controller {
   constructor(
-    private readonly foo: Foo, private readonly foo2: Foo2
+    private readonly foo: Foo, private readonly foo2: Foo2, private readonly foo3: Foo3
   ) { }
 
   @Get()
@@ -17,6 +17,7 @@ export class Controller {
   route2(@Query('x') x: string) {
     this.foo.fooMethod(x);
     this.foo2.fooMethod(x);
+    this.foo3.fooMethod(x);
   }
 }
 

javascript/ql/test/library-tests/frameworks/Nest/test.expected

@@ -1,7 +1,7 @@
 testFailures
 routeHandler
 | global/validation.ts:11:3:14:3 | route1( ...  OK\\n  } |
-| global/validation.ts:17:3:20:3 | route2( ... x);\\n  } |
+| global/validation.ts:17:3:21:3 | route2( ... x);\\n  } |
 | local/customDecorator.ts:18:3:20:3 | sneaky( ...  OK\\n  } |
 | local/customDecorator.ts:23:3:25:3 | safe(@S ...  OK\\n  } |
 | local/customPipe.ts:20:5:22:5 | sanitiz ... K\\n    } |