JS: Rename RouteHandlerInput->RouteHandlerParameter

asgerf · asgerf · commit 8aa4d8227ee4 · 2021-12-15T16:32:18.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/Routing.qll b/javascript/ql/lib/semmle/javascript/Routing.qll
@@ -285,7 +285,7 @@ module Routing {
     }
 
     /**
-     * Gets a node whose value can be accessed via the given access path on `n`th route handler input,
+     * Gets a node whose value can be accessed via the given access path on the `n`th route handler parameter,
      * from any route handler that follows after this one.
      *
      * For example, in the context of Express, the `app` object is available as `req.app`:
@@ -774,20 +774,16 @@ module Routing {
     /**
      * Gets the `i`th parameter of this route handler.
      *
-     * This is equivalent to `getParameter(i)` but returns a `RouteHandlerInput`.
-     *
-     * To find all references to this parameter, use `getInput(n).ref()`.
+     * To find all references to this parameter, use `getParameter(n).ref()`.
      */
-    final RouteHandlerInput getInput(int n) { result = function.getParameter(n) }
+    final RouteHandlerParameter getParameter(int n) { result = function.getParameter(n) }
 
     /**
      * Gets a parameter of this route handler.
      *
-     * This is equivalent to `getAParameter()` but returns a `RouteHandlerInput`.
-     *
-     * To find all references to a parameter, use `getAnInput().ref()`.
+     * To find all references to a parameter, use `getAParameter().ref()`.
      */
-    final RouteHandlerInput getAnInput() { result = function.getAParameter() }
+    final RouteHandlerParameter getAParameter() { result = function.getAParameter() }
 
     /** Gets the function implementing this route handler. */
     DataFlow::FunctionNode getFunction() { result = function }
@@ -802,11 +798,11 @@ module Routing {
      * if the default behavior is inadequate for that framework.
      */
     DataFlow::CallNode getAContinuationInvocation() {
-      result = getAnInput().ref().getAnInvocation() and
+      result = getAParameter().ref().getAnInvocation() and
       result.getNumArgument() = 0
       or
       result.(DataFlow::MethodCallNode).getMethodName() = "then" and
-      result.getArgument(0) = getAnInput().ref().getALocalUse()
+      result.getArgument(0) = getAParameter().ref().getALocalUse()
     }
   }
 
@@ -820,18 +816,18 @@ module Routing {
   /**
    * A parameter to a route handler function.
    */
-  class RouteHandlerInput extends DataFlow::ParameterNode {
-    RouteHandlerInput() { this = any(RouteHandler h).getFunction().getAParameter() }
+  class RouteHandlerParameter extends DataFlow::ParameterNode {
+    RouteHandlerParameter() { this = any(RouteHandler h).getFunction().getAParameter() }
 
-    /** Gets a data flow node referring to this route handler input. */
+    /** Gets a data flow node referring to this route handler parameter. */
     private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
       t.start() and
       result = this
       or
       exists(DataFlow::TypeTracker t2 | result = ref(t2).track(t2, t))
     }
 
-    /** Gets a data flow node referring to this route handler input. */
+    /** Gets a data flow node referring to this route handler parameter. */
     DataFlow::SourceNode ref() { result = ref(DataFlow::TypeTracker::end()) }
 
     /**
@@ -840,7 +836,7 @@ module Routing {
     final RouteHandler getRouteHandler() { result.getFunction().getAParameter() = this }
 
     /**
-     * Gets a node that is stored in the given access path on this route handler input, either
+     * Gets a node that is stored in the given access path on this route handler parameter, either
      * during execution of this router handler, or in one of the preceding ones.
      */
     pragma[inline]
@@ -854,7 +850,7 @@ module Routing {
   }
 
   /**
-   * Gets a value that flows into the given access path of the `n`th route handler input at `base`.
+   * Gets a value that flows into the given access path of the `n`th route handler parameter of `base`.
    *
    * For example,
    * ```js
@@ -874,7 +870,7 @@ module Routing {
   private DataFlow::Node getAnAccessPathRhs(Node base, int n, string path) {
     // Assigned in the body of a route handler function, whi
     exists(RouteHandler handler | base = handler |
-      result = AccessPath::getAnAssignmentTo(handler.getInput(n).ref(), path) and
+      result = AccessPath::getAnAssignmentTo(handler.getParameter(n).ref(), path) and
       exists(handler.getAContinuationInvocation())
     )
     or
@@ -890,7 +886,7 @@ module Routing {
   }
 
   /**
-   * Gets a value that refers to the given access path of the `n`th route handler input at `base`
+   * Gets a value that refers to the given access path of the `n`th route handler parameter of `base`.
    *
    * For example,
    * ```js
@@ -902,7 +898,7 @@ module Routing {
    * of `handler2`.
    */
   private DataFlow::SourceNode getAnAccessPathRead(RouteHandler base, int n, string path) {
-    result = AccessPath::getAReferenceTo(base.getInput(n).ref(), path) and
+    result = AccessPath::getAReferenceTo(base.getParameter(n).ref(), path) and
     not AccessPath::DominatingPaths::hasDominatingWrite(result)
   }
 
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
@@ -1038,7 +1038,7 @@ module Express {
     override DataFlow::Node getTemplateParamsNode() { result = this.getArgument(1) }
 
     override DataFlow::Node getTemplateParamForValue(string accessPath) {
-      result = res.(Routing::RouteHandlerInput).getValueFromAccessPath("locals." + accessPath)
+      result = res.(Routing::RouteHandlerParameter).getValueFromAccessPath("locals." + accessPath)
     }
 
     override DataFlow::SourceNode getOutput() { result = this.getCallback(2).getParameter(1) }
diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
@@ -21,7 +21,7 @@ string cookieProperty() { result = "session" or result = "cookies" or result = "
  */
 predicate isRouteHandlerUsingCookies(Routing::RouteHandler handler) {
   exists(DataFlow::PropRef value |
-    value = handler.getAnInput().ref().getAPropertyRead(cookieProperty()).getAPropertyReference() and
+    value = handler.getAParameter().ref().getAPropertyRead(cookieProperty()).getAPropertyReference() and
     // Ignore accesses to values that are part of a CSRF or captcha check
     not value.getPropertyName().regexpMatch("(?i).*(csrf|xsrf|captcha).*") and
     // Ignore calls like `req.session.save()`
@@ -124,7 +124,7 @@ private Routing::RouteHandler getAHandlerSettingCsrfCookie() {
  * Or by the response parameter setting a CSRF related cookie.
  */
 predicate isCsrfProtectionRouteHandler(Routing::RouteHandler handler) {
-  handler.getAnInput() = nodeLeadingToCsrfWriteOrCheck(DataFlow::TypeBackTracker::end())
+  handler.getAParameter() = nodeLeadingToCsrfWriteOrCheck(DataFlow::TypeBackTracker::end())
   or
   handler = getAHandlerSettingCsrfCookie()
 }

Original file line number	Diff line number	Diff line change
`@@ -1038,7 +1038,7 @@ module Express {`
`1038`	`1038`	`override DataFlow::Node getTemplateParamsNode() { result = this.getArgument(1) }`
`1039`	`1039`
`1040`	`1040`	`override DataFlow::Node getTemplateParamForValue(string accessPath) {`
`1041`		`- result = res.(Routing::RouteHandlerInput).getValueFromAccessPath("locals." + accessPath)`
	`1041`	`+ result = res.(Routing::RouteHandlerParameter).getValueFromAccessPath("locals." + accessPath)`
`1042`	`1042`	`}`
`1043`	`1043`
`1044`	`1044`	`override DataFlow::SourceNode getOutput() { result = this.getCallback(2).getParameter(1) }`