fix second round of code review. improve documents, fix better-sqlite3 method

am0o0 · am0o0 · commit 60b422a35cc1 · 2023-11-23T14:01:38.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
@@ -123,9 +123,8 @@ private module Postgres {
   }
 
   /**
-   * Gets a Postgres Query class.
-   *
-   * Please note that according to [this documentation](https://node-postgres.com/apis/client) this is an advance feature
+   * Gets the Postgres Query class.
+   * This class can be used to create reusable query objects (see https://node-postgres.com/apis/client).
    */
   API::Node query() { result = API::moduleImport("pg").getMember("Query") }
 
@@ -309,20 +308,16 @@ private module Sqlite {
  */
 private module BetterSqlite3 {
   /**
-   * Gets an expression that constructs or returns a `better-sqlite3` database instance.
+   * Gets a `better-sqlite3` database instance.
    */
   API::Node database() {
-    // initialDatabaseInstance is an instance of Database that constructed and instantiated in the first step of Database initialization,
-    // not from a return value of the other library functions
-    exists(API::Node initialDatabaseInstance |
-      initialDatabaseInstance =
-        [
-          API::moduleImport("better-sqlite3").getInstance(),
-          API::moduleImport("better-sqlite3").getReturn()
-        ]
-    |
-      result = [initialDatabaseInstance, initialDatabaseInstance.getMember("exec").getReturn()]
-    )
+    result =
+      [
+        API::moduleImport("better-sqlite3").getInstance(),
+        API::moduleImport("better-sqlite3").getReturn()
+      ]
+    or
+    result = database().getMember("exec").getReturn()
   }
 
   /** A call to a better-sqlite3 query method. */
diff --git a/javascript/ql/src/experimental/semmle/javascript/SQL.qll b/javascript/ql/src/experimental/semmle/javascript/SQL.qll
@@ -4,7 +4,7 @@
 
 import javascript
 
-module ExperimentalSQL {
+module ExperimentalSql {
   /**
    * Provides SQL injection Sinks for the [TypeORM](https://www.npmjs.com/package/typeorm) package
    */
diff --git a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -82,9 +82,9 @@
 | sqlite3.js:7:8:7:45 | "UPDATE ... id = ?" |
 | sqlite3.js:8:8:8:45 | "UPDATE ... id = ?" |
 | sqlite-types.ts:4:12:4:49 | "UPDATE ... id = ?" |
-| sqlite.js:9:10:9:65 | 'SELECT ... id = 1" |
-| sqlite.js:12:10:12:65 | 'SELECT ... id = 1" |
-| sqlite.js:15:10:15:74 | 'INSERT ... ',100)' |
-| sqlite.js:18:14:19:18 | 'SELECT ... id = 1" |
-| sqlite.js:25:19:25:74 | 'SELECT ... id = 1" |
+| sqlite.js:8:10:8:65 | 'SELECT ... id = 1" |
+| sqlite.js:11:10:11:65 | 'SELECT ... id = 1" |
+| sqlite.js:14:10:14:50 | 'SELECT ... id > 5' |
+| sqlite.js:17:14:18:18 | 'SELECT ... id = 1" |
+| sqlite.js:24:19:24:74 | 'SELECT ... id = 1" |
 | sqliteArray.js:6:12:6:49 | "UPDATE ... id = ?" |
