change join order for SystemCommandExecutors - and use ApiGraphs::getACall

erik-krogh · erik-krogh · commit 539ef49b1109 · 2021-02-23T12:49:25.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SystemCommandExecutors.qll b/javascript/ql/src/semmle/javascript/frameworks/SystemCommandExecutors.qll
@@ -5,33 +5,29 @@
 
 import javascript
 
-private predicate execApi(string mod, string fn, int cmdArg, int optionsArg, boolean shell) {
-  mod = "cross-spawn" and
-  fn = "sync" and
-  cmdArg = 0 and
-  shell = false and
-  optionsArg = -1
-  or
-  mod = "execa" and
-  optionsArg = -1 and
+pragma[noinline]
+private predicate execApi(
+  string mod, string fn, int cmdArg, int optionsArg, boolean shell, boolean sync
+) {
+  sync = getSync(fn) and
   (
+    mod = "cross-spawn" and
+    fn = "sync" and
+    cmdArg = 0 and
     shell = false and
-    (
-      fn = "node" or
-      fn = "stdout" or
-      fn = "stderr" or
-      fn = "sync"
-    )
+    optionsArg = -1
     or
-    shell = true and
+    mod = "execa" and
+    optionsArg = -1 and
     (
-      fn = "command" or
-      fn = "commandSync" or
-      fn = "shell" or
-      fn = "shellSync"
-    )
-  ) and
-  cmdArg = 0
+      shell = false and
+      fn = ["node", "stdout", "stderr", "sync"]
+      or
+      shell = true and
+      fn = ["command", "commandSync", "shell", "shellSync"]
+    ) and
+    cmdArg = 0
+  )
 }
 
 private predicate execApi(string mod, int cmdArg, int optionsArg, boolean shell) {
@@ -61,17 +57,16 @@ private class SystemCommandExecutors extends SystemCommandExecution, DataFlow::I
   SystemCommandExecutors() {
     exists(string mod |
       exists(string fn |
-        execApi(mod, fn, cmdArg, optionsArg, shell) and
-        sync = getSync(fn) and
-        this = API::moduleImport(mod).getMember(fn).getReturn().getAUse()
+        execApi(mod, fn, cmdArg, optionsArg, shell, sync) and
+        this = API::moduleImport(mod).getMember(fn).getAnInvocation()
       )
       or
       execApi(mod, cmdArg, optionsArg, shell) and
       sync = false and
-      this = API::moduleImport(mod).getReturn().getAUse()
+      this = API::moduleImport(mod).getAnInvocation()
     )
     or
-    this = API::moduleImport("foreground-child").getReturn().getAUse() and
+    this = API::moduleImport("foreground-child").getACall() and
     cmdArg = 0 and
     optionsArg = 1 and
     shell = false and
@@ -115,19 +110,19 @@ private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::In
   int cmdArg;
 
   RemoteCommandExecutor() {
-    this = API::moduleImport("remote-exec").getReturn().getAUse() and
+    this = API::moduleImport("remote-exec").getACall() and
     cmdArg = 1
     or
     exists(API::Node ssh2, API::Node client |
       ssh2 = API::moduleImport("ssh2") and
       client in [ssh2, ssh2.getMember("Client")] and
-      this = client.getInstance().getMember("exec").getReturn().getAUse() and
+      this = client.getInstance().getMember("exec").getACall() and
       cmdArg = 0
     )
     or
     exists(API::Node ssh2stream |
       ssh2stream = API::moduleImport("ssh2-streams").getMember("SSH2Stream") and
-      this = ssh2stream.getInstance().getMember("exec").getReturn().getAUse() and
+      this = ssh2stream.getInstance().getMember("exec").getACall() and
       cmdArg = 1
     )
   }
@@ -142,7 +137,7 @@ private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::In
 }
 
 private class Opener extends SystemCommandExecution, DataFlow::InvokeNode {
-  Opener() { this = API::moduleImport("opener").getReturn().getAUse() }
+  Opener() { this = API::moduleImport("opener").getACall() }
 
   override DataFlow::Node getACommandArgument() { result = getOptionArgument(1, "command") }
 
