add a CopyStep type-tracking step, for loadStoreSteps that loads and stores the same property

erik-krogh · erik-krogh · commit 1be326a37bd0 · 2020-04-01T11:21:05.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/Collections.qll b/javascript/ql/src/semmle/javascript/Collections.qll
@@ -87,10 +87,10 @@ module CollectionsTypeTracking {
       summary = StoreStep(field) and
       step.store(pred, result, field)
       or
+      summary = CopyStep(field) and
+      step.loadStore(pred, result, field)
+      or
       exists(string toField | summary = LoadStoreStep(field, toField) |
-        field = toField and
-        step.loadStore(pred, result, field)
-        or
         step.loadStore(pred, result, field, toField)
       )
     )
diff --git a/javascript/ql/src/semmle/javascript/Promises.qll b/javascript/ql/src/semmle/javascript/Promises.qll
@@ -176,7 +176,7 @@ module PromiseTypeTracking {
       summary = StoreStep(field) and
       step.store(pred, result, field)
       or
-      summary = LoadStoreStep(field, field) and
+      summary = CopyStep(field) and
       step.loadStore(pred, result, field)
     )
   }
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
@@ -57,6 +57,8 @@ class TypeTracker extends TTypeTracker {
       result = MkTypeTracker(hasCall, toProp)
     )
     or
+    step = CopyStep(prop) and result = this
+    or
     step = CallStep() and result = MkTypeTracker(true, prop)
     or
     step = ReturnStep() and hasCall = false and result = this
@@ -219,6 +221,8 @@ class TypeBackTracker extends TTypeBackTracker {
       result = MkTypeBackTracker(hasReturn, fromProp)
     )
     or
+    step = CopyStep(prop) and result = this
+    or
     step = CallStep() and hasReturn = false and result = this
     or
     step = ReturnStep() and result = MkTypeBackTracker(true, prop)
diff --git a/javascript/ql/src/semmle/javascript/dataflow/internal/StepSummary.qll b/javascript/ql/src/semmle/javascript/dataflow/internal/StepSummary.qll
@@ -40,9 +40,8 @@ newtype TStepSummary =
   ReturnStep() or
   StoreStep(PropertyName prop) or
   LoadStep(PropertyName prop) or
+  CopyStep(PropertyName prop) or
   LoadStoreStep(PropertyName fromProp, PropertyName toProp) {
-    fromProp = toProp
-    or
     exists(TypeTrackingPseudoProperty prop | fromProp = prop and toProp = prop.getLoadStoreToProp())
   }
 
@@ -64,6 +63,8 @@ class StepSummary extends TStepSummary {
     or
     exists(string prop | this = LoadStep(prop) | result = "load " + prop)
     or
+    exists(string prop | this = CopyStep(prop) | result = "copy " + prop)
+    or
     exists(string fromProp, string toProp | this = LoadStoreStep(fromProp, toProp) |
       result = "copy " + fromProp + " to " + toProp
     )

Original file line number	Diff line number	Diff line change
`@@ -87,10 +87,10 @@ module CollectionsTypeTracking {`
`87`	`87`	`summary = StoreStep(field) and`
`88`	`88`	`step.store(pred, result, field)`
`89`	`89`	`or`
	`90`	`+ summary = CopyStep(field) and`
	`91`	`+ step.loadStore(pred, result, field)`
	`92`	`+ or`
`90`	`93`	`exists(string toField \| summary = LoadStoreStep(field, toField) \|`
`91`		`- field = toField and`
`92`		`- step.loadStore(pred, result, field)`
`93`		`- or`
`94`	`94`	`step.loadStore(pred, result, field, toField)`
`95`	`95`	`)`
`96`	`96`	`)`
Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,7 @@ module PromiseTypeTracking {`
`176`	`176`	`summary = StoreStep(field) and`
`177`	`177`	`step.store(pred, result, field)`
`178`	`178`	`or`
`179`		`- summary = LoadStoreStep(field, field) and`
	`179`	`+ summary = CopyStep(field) and`
`180`	`180`	`step.loadStore(pred, result, field)`
`181`	`181`	`)`
`182`	`182`	`}`