revert back to having 2 separate cases in JQuery::MethodCall

Author: erik-krogh

javascript/ql/src/semmle/javascript/frameworks/jQuery.qll

@@ -538,13 +538,12 @@ module JQuery {
     MethodCall() {
       this = dollarCall() and name = "$"
       or
+      this = ([dollar(), objectRef()]).getAMemberCall(name)
+      or
       // Handle basic dynamic method dispatch (e.g. `$element[html ? 'html' : 'text'](content)`)
       exists(DataFlow::PropRead read | read = this.getCalleeNode() |
         read.getBase().getALocalSource() = [dollar(), objectRef()] and
-        (
-          read.getPropertyNameExpr().flow().mayHaveStringValue(name) or
-          read.getPropertyName() = name
-        )
+        read.getPropertyNameExpr().flow().mayHaveStringValue(name)
       )
       or
       // Handle contributed JQuery objects that aren't source nodes (usually parameter uses)

javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom.expected

@@ -35,6 +35,9 @@ nodes
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
+| xss-through-dom.js:64:30:64:40 | valMethod() |
+| xss-through-dom.js:64:30:64:40 | valMethod() |
+| xss-through-dom.js:64:30:64:40 | valMethod() |
 edges
 | xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() |
 | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
@@ -48,6 +51,7 @@ edges
 | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
 | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
+| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() |
 #select
 | xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:2:16:2:34 | $("textarea").val() | DOM text |
 | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | DOM text |
@@ -61,3 +65,4 @@ edges
 | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | DOM text |
 | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | DOM text |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:61:30:61:69 | $(docum ... value") | DOM text |
+| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | Cross-site scripting vulnerability due to $@. | xss-through-dom.js:64:30:64:40 | valMethod() | DOM text |

javascript/ql/test/query-tests/Security/CWE-079/xss-through-dom.js

@@ -61,5 +61,5 @@
 	$("#id").get(0).innerHTML = $(document).find("option").attr("value"); // NOT OK.
 
 	var valMethod = $("textarea").val;
-	$("#id").get(0).innerHTML = valMethod(); // OK - Not a method call, not valid receiver for jQuery. 
+	$("#id").get(0).innerHTML = valMethod(); // NOT OK
 })();