JS: Tweak evaluation of route handler params

asgerf · asgerf · commit 659e2ff709c2 · 2020-05-15T09:59:27.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll b/javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll
@@ -81,6 +81,7 @@ module ConnectExpressShared {
    *
    * `kind` is one of: "error", "request", "response", "next".
    */
+  pragma[inline]
   Parameter getRouteParameterHandlerParameter(Function routeHandler, string kind) {
     result =
       getRouteHandlerParameter(routeHandler, RouteHandlerSignature::requestResponseNextParameter(),
@@ -92,6 +93,7 @@ module ConnectExpressShared {
    *
    * `kind` is one of: "error", "request", "response", "next".
    */
+  pragma[inline]
   Parameter getRouteHandlerParameter(Function routeHandler, string kind) {
     if routeHandler.getNumParameter() = 4
     then
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Firebase.qll b/javascript/ql/src/semmle/javascript/frameworks/Firebase.qll
@@ -219,12 +219,14 @@ module Firebase {
      */
     private class RouteHandler extends Express::RouteHandler, HTTP::Servers::StandardRouteHandler,
       DataFlow::ValueNode {
+      override Function astNode;
+
       RouteHandler() { this = any(RouteSetup setup).getARouteHandler() }
 
       override SimpleParameter getRouteHandlerParameter(string kind) {
-        kind = "request" and result = this.(DataFlow::FunctionNode).getParameter(0).getParameter()
+        kind = "request" and result = astNode.getParameter(0)
         or
-        kind = "response" and result = this.(DataFlow::FunctionNode).getParameter(1).getParameter()
+        kind = "response" and result = astNode.getParameter(1)
       }
     }
   }
diff --git a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
@@ -370,6 +370,7 @@ module HTTP {
       /**
        * Gets a route handler that is defined by this setup.
        */
+      pragma[nomagic]
       abstract DataFlow::SourceNode getARouteHandler();
 
       /**

Original file line number	Diff line number	Diff line change
`@@ -219,12 +219,14 @@ module Firebase {`
`219`	`219`	`*/`
`220`	`220`	`private class RouteHandler extends Express::RouteHandler, HTTP::Servers::StandardRouteHandler,`
`221`	`221`	`DataFlow::ValueNode {`
	`222`	`+ override Function astNode;`
	`223`	`+`
`222`	`224`	`RouteHandler() { this = any(RouteSetup setup).getARouteHandler() }`
`223`	`225`
`224`	`226`	`override SimpleParameter getRouteHandlerParameter(string kind) {`
`225`		`- kind = "request" and result = this.(DataFlow::FunctionNode).getParameter(0).getParameter()`
	`227`	`+ kind = "request" and result = astNode.getParameter(0)`
`226`	`228`	`or`
`227`		`- kind = "response" and result = this.(DataFlow::FunctionNode).getParameter(1).getParameter()`
	`229`	`+ kind = "response" and result = astNode.getParameter(1)`
`228`	`230`	`}`
`229`	`231`	`}`
`230`	`232`	`}`