JS: Add recursion guard test

Author: asgerf

javascript/ql/src/semmle/javascript/dataflow/Sources.qll

@@ -34,7 +34,11 @@ private import semmle.javascript.internal.CachedStages
  * ```
  */
 class SourceNode extends DataFlow::Node {
-  SourceNode() { this instanceof SourceNode::Range }
+  SourceNode() {
+    this instanceof SourceNode::Range
+    or
+    none() and this instanceof SourceNode::Internal::RecursionGuard
+  }
 
   /**
    * Holds if this node flows into `sink` in zero or more local (that is,
@@ -329,6 +333,12 @@ module SourceNode {
       DataFlow::functionReturnNode(this, _)
     }
   }
+
+  /** INTERNAL. DO NOT USE. */
+  module Internal {
+    /** An empty class that some tests are using to enforce that SourceNode is non-recursive. */
+    abstract class RecursionGuard extends DataFlow::Node {}
+  }
 }
 
 deprecated class DefaultSourceNode extends SourceNode {

javascript/ql/test/library-tests/RecursionPrevention/SourceNodeRange.expected

@@ -0,0 +1 @@
+| Success |

javascript/ql/test/library-tests/RecursionPrevention/SourceNodeRange.ql

@@ -0,0 +1,16 @@
+/**
+ * Test that fails to compile if the domain of `SourceNode::Range` depends on `SourceNode` (recursively).
+ *
+ * This tests adds a negative dependency `SourceNode --!--> SourceNode::Range`
+ * so that the undesired edge `SourceNode::Range --> SourceNode` completes a negative cycle.
+ */
+
+import javascript
+
+class BadSourceNodeRange extends DataFlow::SourceNode::Internal::RecursionGuard {
+  BadSourceNodeRange() {
+    not this instanceof DataFlow::SourceNode::Range
+  }
+}
+
+select "Success"