JS: Ensure MkClassInstance exists for base classes

asgerf · asgerf · commit 81b96a804173 · 2024-04-09T14:32:58.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -696,14 +696,7 @@ module API {
         or
         any(Type t).hasUnderlyingType(m, _)
       } or
-      MkClassInstance(DataFlow::ClassNode cls) {
-        hasSemantics(cls) and
-        (
-          cls = trackDefNode(_)
-          or
-          cls.getAnInstanceReference() = trackDefNode(_)
-        )
-      } or
+      MkClassInstance(DataFlow::ClassNode cls) { needsDefNode(cls) } or
       MkDef(DataFlow::Node nd) { rhs(_, _, nd) } or
       MkUse(DataFlow::Node nd) { use(_, _, nd) } or
       /** A use of a TypeScript type. */
@@ -716,6 +709,17 @@ module API {
         trackUseNode(src, true, bound, "").flowsTo(nd.getCalleeNode())
       }
 
+    private predicate needsDefNode(DataFlow::ClassNode cls) {
+      hasSemantics(cls) and
+      (
+        cls = trackDefNode(_)
+        or
+        cls.getAnInstanceReference() = trackDefNode(_)
+        or
+        needsDefNode(cls.getADirectSubClass())
+      )
+    }
+
     class TDef = MkModuleDef or TNonModuleDef;
 
     class TNonModuleDef = MkModuleExport or MkClassInstance or MkDef or MkSyntheticCallbackArg;
diff --git a/javascript/ql/test/library-tests/ModelGeneration/ModelGeneration.expected b/javascript/ql/test/library-tests/ModelGeneration/ModelGeneration.expected
@@ -37,6 +37,7 @@ typeModel
 | (subclass).A | subclass | Member[A] |
 | (subclass).A.prototype | (subclass).A | Instance |
 | (subclass).A.prototype | (subclass).B.prototype |  |
+| (subclass).A.prototype | (subclass).ExposedMidSubClass.prototype~expr1 |  |
 | (subclass).A.prototype.a | (subclass).A.prototype | Member[a] |
 | (subclass).B | subclass | Member[B] |
 | (subclass).B.prototype | (subclass).B | Instance |
@@ -51,6 +52,7 @@ typeModel
 | (subclass).ExposedMidSubClass | subclass | Member[ExposedMidSubClass] |
 | (subclass).ExposedMidSubClass.prototype | (subclass).ExposedMidSubClass | Instance |
 | (subclass).ExposedMidSubClass.prototype.m | (subclass).ExposedMidSubClass.prototype | Member[m] |
+| (subclass).ExposedMidSubClass.prototype~expr1 | (subclass).ExposedMidSubClass.prototype |  |
 | upstream-lib | (reexport).func | ReturnValue |
 | upstream-lib | reexport | Member[lib] |
 | upstream-lib.Type | (subclass).D.prototype |  |
diff --git a/javascript/ql/test/library-tests/ModelGeneration/subclass/subclass.js b/javascript/ql/test/library-tests/ModelGeneration/subclass/subclass.js
@@ -17,7 +17,6 @@ export class D extends upstream.Type {
 }
 
 // Test case where subclass chain goes through an internal class
-// TODO: we miss the subclass chain between ExposedMidSubClass and A
 class InternalMidClass extends A {}
 
 export class ExposedMidSubClass extends InternalMidClass {

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@ export class D extends upstream.Type {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`// Test case where subclass chain goes through an internal class`
`20`		`-// TODO: we miss the subclass chain between ExposedMidSubClass and A`
`21`	`20`	`class InternalMidClass extends A {}`
`22`	`21`
`23`	`22`	`export class ExposedMidSubClass extends InternalMidClass {`