JS: Use underlying types in DataFlow::Node

asgerf · asgerf · commit b923eac9be22 · 2025-05-20T13:20:04.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -27,6 +27,9 @@ private import internal.PreCallGraphStep
 private import semmle.javascript.internal.CachedStages
 private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private
 private import semmle.javascript.dataflow.internal.VariableOrThis
+private import semmle.javascript.internal.NameResolution
+private import semmle.javascript.internal.UnderlyingTypes
+private import semmle.javascript.internal.TypeResolution
 
 module DataFlow {
   /**
@@ -189,26 +192,6 @@ module DataFlow {
       FlowSteps::identityFunctionStep(result, this)
     }
 
-    /**
-     * Gets the static type of this node as determined by the TypeScript type system.
-     */
-    private Type getType() {
-      exists(AST::ValueNode node |
-        this = TValueNode(node) and
-        ast_node_type(node, result)
-      )
-      or
-      exists(BindingPattern pattern |
-        this = lvalueNode(pattern) and
-        ast_node_type(pattern, result)
-      )
-      or
-      exists(MethodDefinition def |
-        this = TThisNode(def.getInit()) and
-        ast_node_type(def.getDeclaringClass(), result)
-      )
-    }
-
     /**
      * Gets the type annotation describing the type of this node,
      * provided that a static type could not be found.
@@ -229,16 +212,26 @@ module DataFlow {
       )
     }
 
+    private NameResolution::Node getNameResolutionNode() {
+      this = valueNode(result)
+      or
+      exists(PropertyPattern pattern |
+        result = pattern.getValuePattern() and
+        this = TPropNode(pattern)
+      )
+    }
+
     /**
      * Holds if this node is annotated with the given named type,
      * or is declared as a subtype thereof, or is a union or intersection containing such a type.
      */
     cached
     predicate hasUnderlyingType(string globalName) {
       Stages::TypeTracking::ref() and
-      this.getType().hasUnderlyingType(globalName)
-      or
-      this.getFallbackTypeAnnotation().getAnUnderlyingType().hasQualifiedName(globalName)
+      exists(NameResolution::Node type |
+        TypeResolution::valueHasType(this.getNameResolutionNode(), type) and
+        UnderlyingTypes::nodeHasUnderlyingType(type, globalName)
+      )
     }
 
     /**
@@ -248,9 +241,11 @@ module DataFlow {
     cached
     predicate hasUnderlyingType(string moduleName, string typeName) {
       Stages::TypeTracking::ref() and
-      this.getType().hasUnderlyingType(moduleName, typeName)
-      or
-      this.getFallbackTypeAnnotation().getAnUnderlyingType().hasQualifiedName(moduleName, typeName)
+      moduleName != "global" and
+      exists(NameResolution::Node type |
+        TypeResolution::valueHasType(this.getNameResolutionNode(), type) and
+        UnderlyingTypes::nodeHasUnderlyingType(type, moduleName, typeName)
+      )
     }
 
     /**
