JS: Support AdditionalUseStep in API graphs

asgerf · asgerf · commit e9575c3df6b6 · 2021-12-07T10:41:52.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -388,6 +388,23 @@ module API {
     API::Node getNode() { result = root().getASuccessor(Label::entryPoint(this)) }
   }
 
+  /**
+   * A class for contributing new steps for tracking uses of an API.
+   */
+  class AdditionalUseStep extends Unit {
+    /**
+     * Holds if use nodes should flow from `pred` to `succ`.
+     */
+    predicate step(DataFlow::SourceNode pred, DataFlow::SourceNode succ) { none() }
+  }
+
+  private module AdditionalUseStep {
+    pragma[nomagic]
+    predicate step(DataFlow::SourceNode pred, DataFlow::SourceNode succ) {
+      any(AdditionalUseStep st).step(pred, succ)
+    }
+  }
+
   /**
    * Provides the actual implementation of API graphs, cached for performance.
    *
@@ -751,6 +768,11 @@ module API {
         boundArgs in [0 .. 10]
       )
       or
+      exists(DataFlow::SourceNode mid |
+        mid = trackUseNode(nd, promisified, boundArgs, prop, t) and
+        AdditionalUseStep::step(pragma[only_bind_out](mid), result)
+      )
+      or
       exists(DataFlow::Node pred, string preprop |
         trackUseNode(nd, promisified, boundArgs, preprop, t.continue()).flowsTo(pred) and
         promisified = false and
