naive conversion of ldapjs model to API node

erik-krogh · erik-krogh · commit 94e2676c0f71 · 2021-10-01T09:00:10.000+02:00
diff --git a/javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll b/javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
@@ -15,35 +15,35 @@ module Ldapjs {
   /**
    * Gets a data flow source node for an LDAP client.
    */
-  abstract class LdapClient extends DataFlow::SourceNode { }
+  abstract class LdapClient extends API::Node { }
 
   /**
    * Gets a data flow source node for the ldapjs library.
    */
-  private DataFlow::SourceNode ldapjs() { result = DataFlow::moduleImport("ldapjs") }
+  private API::Node ldapjs() { result = API::moduleImport("ldapjs") }
 
   /**
    * Gets a data flow source node for the ldapjs client.
    */
   class LdapjsClient extends LdapClient {
-    LdapjsClient() { this = ldapjs().getAMemberCall("createClient") }
+    LdapjsClient() { this = ldapjs().getMember("createClient").getReturn() }
   }
 
   /**
    * Gets a data flow node for the client `search` options.
    */
-  class LdapjsSearchOptions extends DataFlow::SourceNode {
-    DataFlow::CallNode queryCall;
+  class LdapjsSearchOptions extends API::Node {
+    API::CallNode queryCall;
 
     LdapjsSearchOptions() {
-      queryCall = any(LdapjsClient client).getAMemberCall("search") and
-      this = queryCall.getArgument(1).getALocalSource()
+      queryCall = any(LdapjsClient client).getMember("search").getACall() and
+      this = queryCall.getParameter(1)
     }
 
     /**
      * Gets the LDAP query call that these options are used in.
      */
-    DataFlow::InvokeNode getQueryCall() { result = queryCall }
+    API::CallNode getQueryCall() { result = queryCall }
   }
 
   /**
@@ -52,20 +52,20 @@ module Ldapjs {
   class LdapjsSearchFilter extends DataFlow::Node {
     LdapjsSearchOptions options;
 
-    LdapjsSearchFilter() { this = options.getAPropertyWrite("filter").getRhs() }
+    LdapjsSearchFilter() { this = options.getMember("filter").getARhs() }
 
     /**
      * Gets the LDAP query call that this filter is used in.
      */
-    DataFlow::InvokeNode getQueryCall() { result = options.getQueryCall() }
+    API::CallNode getQueryCall() { result = options.getQueryCall() }
   }
 
   /**
    * A call to the ldapjs Client API methods.
    */
-  class LdapjsClientAPICall extends DataFlow::CallNode {
+  class LdapjsClientAPICall extends API::CallNode {
     LdapjsClientAPICall() {
-      this = any(LdapjsClient client).getAMemberCall(getLdapjsClientDNMethodName())
+      this = any(LdapjsClient client).getMember(getLdapjsClientDNMethodName()).getACall()
     }
   }
 
@@ -80,13 +80,13 @@ module Ldapjs {
     /**
      * Gets the LDAP query call that this DN is used in.
      */
-    DataFlow::InvokeNode getQueryCall() { result = queryCall }
+    API::CallNode getQueryCall() { result = queryCall }
   }
 
   /**
    * Ldapjs parseFilter method call.
    */
   class LdapjsParseFilter extends DataFlow::CallNode {
-    LdapjsParseFilter() { this = ldapjs().getAMemberCall("parseFilter") }
+    LdapjsParseFilter() { this = ldapjs().getMember("parseFilter").getACall() }
   }
 }
