JS: Mark type-annotated nodes as SourceNode

asgerf · asgerf · commit e07a03619ddd · 2025-05-20T13:20:24.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
@@ -333,7 +333,13 @@ module SourceNode {
         astNode instanceof TaggedTemplateExpr or
         astNode instanceof Templating::PipeRefExpr or
         astNode instanceof Templating::TemplateVarRefExpr or
-        astNode instanceof StringLiteral
+        astNode instanceof StringLiteral or
+        astNode instanceof TypeAssertion
+      )
+      or
+      exists(VariableDeclarator decl |
+        exists(decl.getTypeAnnotation()) and
+        this = DataFlow::valueNode(decl.getBindingPattern())
       )
       or
       DataFlow::parameterNode(this, _)
diff --git a/javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll b/javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll
@@ -189,7 +189,12 @@ module TypeResolution {
     )
   }
 
-  private predicate contextualType(Node value, Node type) {
+  predicate contextualType(Node value, Node type) {
+    exists(LocalVariable v |
+      type = v.getADeclaration().getTypeAnnotation() and
+      value = v.getAnAssignedExpr()
+    )
+    or
     exists(InvokeExpr call, Function target, int i |
       callTarget(call, target) and
       value = call.getArgument(i) and
@@ -228,6 +233,8 @@ module TypeResolution {
   predicate valueHasType(Node value, Node type) {
     value.(BindingPattern).getTypeAnnotation() = type
     or
+    value.(TypeAssertion).getTypeAnnotation() = type
+    or
     exists(VarDecl decl |
       // ValueFlow::step is restricted to variables with at most one assignment. Allow the type annotation
       // of a variable to propagate to its uses, even if the variable has multiple assignments.
diff --git a/javascript/ql/test/library-tests/UnderlyingTypes/test.expected b/javascript/ql/test/library-tests/UnderlyingTypes/test.expected
@@ -48,3 +48,4 @@
 | subtype.ts:7:13:7:15 | req | 'express'.Request |
 | subtype.ts:13:13:13:15 | req | 'express'.Request |
 | subtype.ts:19:13:19:15 | req | 'express'.Request |
+| varAssignment.ts:4:9:4:11 | req | 'express'.Request |
diff --git a/javascript/ql/test/library-tests/UnderlyingTypes/varAssignment.ts b/javascript/ql/test/library-tests/UnderlyingTypes/varAssignment.ts
@@ -1,5 +1,5 @@
 import * as express from 'express';
 
 function t1(e) {
-    var req: express.Request = e; // $ MISSING: hasUnderlyingType='express'.Request
+    var req: express.Request = e; // $ hasUnderlyingType='express'.Request
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import * as express from 'express';`
`2`	`2`
`3`	`3`	`function t1(e) {`
`4`		`- var req: express.Request = e; // $ MISSING: hasUnderlyingType='express'.Request`
	`4`	`+ var req: express.Request = e; // $ hasUnderlyingType='express'.Request`
`5`	`5`	`}`