Enhance SuperAgent URL request handling for both method calls and direct calls

Author: Napalys

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -529,8 +529,16 @@ module ClientRequest {
     SuperAgentUrlRequest() {
       exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() |
         moduleName = "superagent" and
-        callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and
-        url = this.getArgument(0)
+        (
+          // Handle method calls like superagent.get(url)
+          callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and
+          url = this.getArgument(0)
+          or
+          // Handle direct calls like superagent('GET', url)
+          callee = DataFlow::moduleImport(moduleName) and
+          this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and
+          url = this.getArgument(1)
+        )
       )
     }
 

javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected

@@ -91,6 +91,7 @@ test_ClientRequest
 | tst.js:286:20:286:55 | new Web ... :8080') |
 | tst.js:296:5:299:6 | axios({ ... \\n    }) |
 | tst.js:312:12:312:36 | fetchPo ... o/bar') |
+| tst.js:319:5:319:26 | superag ... ', url) |
 | tst.js:320:5:320:23 | superagent.del(url) |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
@@ -241,6 +242,7 @@ test_getUrl
 | tst.js:296:5:299:6 | axios({ ... \\n    }) | tst.js:296:11:299:5 | {\\n      ... ,\\n    } |
 | tst.js:296:5:299:6 | axios({ ... \\n    }) | tst.js:298:14:298:44 | "http:/ ... -axios" |
 | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:26:312:35 | '/foo/bar' |
+| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
@@ -316,4 +318,5 @@ test_getAResponseDataNode
 | tst.js:296:5:299:6 | axios({ ... \\n    }) | tst.js:303:26:303:37 | err.response | json | false |
 | tst.js:296:5:299:6 | axios({ ... \\n    }) | tst.js:304:27:304:38 | err.response | json | false |
 | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:12:312:36 | fetchPo ... o/bar') | fetch.response | true |
+| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true |

javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js

@@ -316,7 +316,7 @@ function usePolyfill() {
 }
 
 function useSuperagent(url){
-    superagent('GET', url); // Not flagged
+    superagent('GET', url);
     superagent.del(url);
     superagent.agent().post(url).send(data); // Not flagged
 }