JS: Improve sequelize model

Author: asgerf

javascript/ql/src/semmle/javascript/frameworks/SQL.qll

@@ -463,22 +463,34 @@ private module MsSql {
  * Provides classes modelling the `sequelize` package.
  */
 private module Sequelize {
-  /** Gets an import of the `sequelize` module. */
-  API::Node sequelize() { result = API::moduleImport("sequelize") }
+  /** Gets an import of the `sequelize` module or one that re-exports it. */
+  API::Node sequelize() { result = API::moduleImport(["sequelize", "sequelize-typescript"]) }
 
   /** Gets an expression that creates an instance of the `Sequelize` class. */
-  API::Node newSequelize() { result = sequelize().getInstance() }
+  API::Node instance() {
+    result = [sequelize(), sequelize().getMember("Sequelize")].getInstance()
+    or
+    result = API::Node::ofType(["sequelize", "sequelize-typescript"], ["Sequelize", "default"])
+  }
 
   /** A call to `Sequelize.query`. */
   private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = newSequelize().getMember("query").getACall() }
+    QueryCall() { this = instance().getMember("query").getACall() }
 
-    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
+    override DataFlow::Node getAQueryArgument() {
+      result = getArgument(0)
+      or
+      result = getOptionArgument(0, "query")
+    }
   }
 
   /** An expression that is passed to `Sequelize.query` method and hence interpreted as SQL. */
   class QueryString extends SQL::SqlString {
-    QueryString() { this = any(QueryCall qc).getAQueryArgument().asExpr() }
+    QueryString() {
+      this = any(QueryCall qc).getAQueryArgument().asExpr()
+      or
+      this = sequelize().getMember(["literal", "asIs"]).getParameter(0).getARhs().asExpr()
+    }
   }
 
   /**

javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected

@@ -33,6 +33,10 @@
 | postgres-types.ts:4:18:4:29 | 'SELECT 123' |
 | postgresImport.js:4:18:4:43 | 'SELECT ... number' |
 | sequelize2.js:10:17:10:118 | 'SELECT ... Y name' |
+| sequelize2.js:12:17:15:1 | {\\n  que ... [123]\\n} |
+| sequelize2.js:13:10:13:20 | 'SELECT $1' |
+| sequelize2.js:17:31:17:41 | '123 + 345' |
+| sequelize-types.ts:7:24:7:35 | 'SELECT 123' |
 | sequelize.js:8:17:8:118 | 'SELECT ... Y name' |
 | sequelizeImport.js:3:17:3:118 | 'SELECT ... Y name' |
 | spanner2.js:5:26:5:35 | "SQL code" |

javascript/ql/test/library-tests/frameworks/SQL/sequelize-types.ts

@@ -0,0 +1,9 @@
+import Sequelize from 'sequelize';
+
+export class Foo {
+    constructor(private seq: Sequelize) {}
+
+    method() {
+        this.seq.query('SELECT 123');
+    }
+}

javascript/ql/test/library-tests/frameworks/SQL/sequelize2.js

@@ -9,3 +9,9 @@ const sequelize = new Sequelize('database', {
 });
 sequelize.query('SELECT * FROM Products WHERE (name LIKE \'%' + criteria + '%\') AND deletedAt IS NULL) ORDER BY name');
 
+sequelize.query({
+  query: 'SELECT $1',
+  values: [123]
+});
+
+let value = Sequelize.literal('123 + 345');