JS: Extend getABulkExportedNode and use it in PackageExports

asgerf · asgerf · commit 4b1f918feb0b · 2021-09-01T13:24:23.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/AMD.qll b/javascript/ql/lib/semmle/javascript/AMD.qll
@@ -313,6 +313,19 @@ class AmdModule extends Module {
       name = pwn.getPropertyName()
     )
   }
+
+  override DataFlow::Node getABulkExportedNode() {
+    // Assigned to `module.exports` via the factory's `module` parameter
+    exists(AbstractModuleObject m, DataFlow::PropWrite write |
+      m.getModule() = this and
+      write.getPropertyName() = "exports" and
+      write.getBase().analyze().getAValue() = m and
+      result = write.getRhs()
+    )
+    or
+    // Returned from factory function
+    result = getDefine().getModuleExpr().flow()
+  }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/Closure.qll b/javascript/ql/lib/semmle/javascript/Closure.qll
@@ -177,6 +177,10 @@ module Closure {
         )
       )
     }
+
+    override DataFlow::Node getABulkExportedNode() {
+      result = getExportsVariable().getAnAssignedExpr().flow()
+    }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/PackageExports.qll b/javascript/ql/lib/semmle/javascript/PackageExports.qll
@@ -171,4 +171,6 @@ private DataFlow::Node getAnExportFromModule(Module mod) {
   result.analyze().getAValue() = mod.(AmdModule).getDefine().getAModuleExportsValue()
   or
   result = mod.getAnExportedValue(_)
+  or
+  result = mod.getABulkExportedNode()
 }

Original file line number	Diff line number	Diff line change
`@@ -313,6 +313,19 @@ class AmdModule extends Module {`
`313`	`313`	`name = pwn.getPropertyName()`
`314`	`314`	`)`
`315`	`315`	`}`
	`316`	`+`
	`317`	`+ override DataFlow::Node getABulkExportedNode() {`
	`318`	+ // Assigned to `module.exports` via the factory's `module` parameter
	`319`	`+ exists(AbstractModuleObject m, DataFlow::PropWrite write \|`
	`320`	`+ m.getModule() = this and`
	`321`	`+ write.getPropertyName() = "exports" and`
	`322`	`+ write.getBase().analyze().getAValue() = m and`
	`323`	`+ result = write.getRhs()`
	`324`	`+ )`
	`325`	`+ or`
	`326`	`+ // Returned from factory function`
	`327`	`+ result = getDefine().getModuleExpr().flow()`
	`328`	`+ }`
`316`	`329`	`}`
`317`	`330`
`318`	`331`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -177,6 +177,10 @@ module Closure {`
`177`	`177`	`)`
`178`	`178`	`)`
`179`	`179`	`}`
	`180`	`+`
	`181`	`+ override DataFlow::Node getABulkExportedNode() {`
	`182`	`+ result = getExportsVariable().getAnAssignedExpr().flow()`
	`183`	`+ }`
`180`	`184`	`}`
`181`	`185`
`182`	`186`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -171,4 +171,6 @@ private DataFlow::Node getAnExportFromModule(Module mod) {`
`171`	`171`	`result.analyze().getAValue() = mod.(AmdModule).getDefine().getAModuleExportsValue()`
`172`	`172`	`or`
`173`	`173`	`result = mod.getAnExportedValue(_)`
	`174`	`+ or`
	`175`	`+ result = mod.getABulkExportedNode()`
`174`	`176`	`}`