JS: Autoformat

Author: asgerf

javascript/ql/src/semmle/javascript/Expr.qll

@@ -2894,9 +2894,7 @@ class ImportMetaExpr extends @import_meta_expr, Expr {
  */
 class GeneratedCodeExpr extends @generated_code_expr, Expr {
   /** Gets the placeholder tag that was parsed as an expression. */
-  Templating::TemplatePlaceholderTag getPlaceholderTag() {
-    this = result.getEnclosingExpr()
-  }
+  Templating::TemplatePlaceholderTag getPlaceholderTag() { this = result.getEnclosingExpr() }
 
   override string getAPrimaryQlClass() { result = "GeneratedCodeExpr" }
 }

javascript/ql/src/semmle/javascript/frameworks/Fastify.qll

@@ -295,24 +295,14 @@ module Fastify {
    * Assumes the presense of a plugin that provides the `view` method, such as the `point-of-view` plugin.
    */
   private class ViewCall extends Templating::TemplateInstantiaton::Range, DataFlow::CallNode {
-    ViewCall() {
-      this = any(ReplySource rep).ref().getAMethodCall("view")
-    }
+    ViewCall() { this = any(ReplySource rep).ref().getAMethodCall("view") }
 
-    override DataFlow::SourceNode getOutput() {
-      result = getCallback(2).getParameter(1)
-    }
+    override DataFlow::SourceNode getOutput() { result = getCallback(2).getParameter(1) }
 
-    override DataFlow::Node getTemplateFileNode() {
-      result = getArgument(0)
-    }
+    override DataFlow::Node getTemplateFileNode() { result = getArgument(0) }
 
-    override DataFlow::Node getTemplateContentNode() {
-      none()
-    }
+    override DataFlow::Node getTemplateContentNode() { none() }
 
-    override DataFlow::Node getTemplateParamsNode() {
-      result = getArgument(1)
-    }
+    override DataFlow::Node getTemplateParamsNode() { result = getArgument(1) }
   }
 }

javascript/ql/src/semmle/javascript/frameworks/Hapi.qll

@@ -41,9 +41,7 @@ module Hapi {
     /**
      * Gets a source node referring to the request toolkit parameter, usually named `h`.
      */
-    DataFlow::SourceNode getRequestToolkit() {
-      result = getRequestToolkitParameter().flow()
-    }
+    DataFlow::SourceNode getRequestToolkit() { result = getRequestToolkitParameter().flow() }
   }
 
   /**
@@ -255,24 +253,14 @@ module Hapi {
    * A call to `h.view('file', { ... })` seen as a template instantiation.
    */
   private class ViewCall extends Templating::TemplateInstantiaton::Range, DataFlow::CallNode {
-    ViewCall() {
-      this = any(RouteHandler rh).getRequestToolkit().getAMethodCall("view")
-    }
+    ViewCall() { this = any(RouteHandler rh).getRequestToolkit().getAMethodCall("view") }
 
-    override DataFlow::SourceNode getOutput() {
-      none()
-    }
+    override DataFlow::SourceNode getOutput() { none() }
 
-    override DataFlow::Node getTemplateFileNode() {
-      result = getArgument(0)
-    }
+    override DataFlow::Node getTemplateFileNode() { result = getArgument(0) }
 
-    override DataFlow::Node getTemplateContentNode() {
-      none()
-    }
+    override DataFlow::Node getTemplateContentNode() { none() }
 
-    override DataFlow::Node getTemplateParamsNode() {
-      result = getArgument(1)
-    }
+    override DataFlow::Node getTemplateParamsNode() { result = getArgument(1) }
   }
 }

javascript/ql/src/semmle/javascript/frameworks/Koa.qll

@@ -122,9 +122,7 @@ module Koa {
     }
 
     /** Gets a source node that refers to this context object. */
-    DataFlow::SourceNode ref() {
-      result = ref(DataFlow::TypeTracker::end())
-    }
+    DataFlow::SourceNode ref() { result = ref(DataFlow::TypeTracker::end()) }
   }
 
   /**
@@ -436,21 +434,13 @@ module Koa {
   private class RenderCall extends Templating::TemplateInstantiaton::Range, DataFlow::CallNode {
     ContextSource ctx;
 
-    RenderCall() {
-      this = ctx.ref().getAMethodCall("render")
-    }
+    RenderCall() { this = ctx.ref().getAMethodCall("render") }
 
-    override DataFlow::SourceNode getOutput() {
-      none()
-    }
+    override DataFlow::SourceNode getOutput() { none() }
 
-    override DataFlow::Node getTemplateFileNode() {
-      result = getArgument(0)
-    }
+    override DataFlow::Node getTemplateFileNode() { result = getArgument(0) }
 
-    override DataFlow::Node getTemplateContentNode() {
-      none()
-    }
+    override DataFlow::Node getTemplateContentNode() { none() }
 
     override DataFlow::Node getTemplateParamsNode() {
       result = getArgument(1)

javascript/ql/src/semmle/javascript/frameworks/Templating.qll

@@ -125,9 +125,7 @@ module Templating {
     /**
      * Gets the innermost JavaScript expression containing this template tag, if any.
      */
-    Expr getEnclosingExpr() {
-      expr_contains_template_tag_location(result, getLocation())
-    }
+    Expr getEnclosingExpr() { expr_contains_template_tag_location(result, getLocation()) }
   }
 
   /**
@@ -210,9 +208,7 @@ module Templating {
      *
      * If not known, the relevant syntax will be determined by a heuristic.
      */
-    TemplateSyntax getTemplateSyntax() {
-      result = range.getTemplateSyntax()
-    }
+    TemplateSyntax getTemplateSyntax() { result = range.getTemplateSyntax() }
   }
 
   /** Companion module to the `TemplateInstantiation` class. */
@@ -244,7 +240,12 @@ module Templating {
     exists(TemplateInstantiaton inst, API::Node base, string name |
       base.getARhs() = inst.getTemplateParamsNode() and
       result = base.getMember(name) and
-      succ = inst.getTemplateFile().getAnImportedFile*().getAPlaceholder().getInnerTopLevel().getAVariableUse(name)
+      succ =
+        inst.getTemplateFile()
+            .getAnImportedFile*()
+            .getAPlaceholder()
+            .getInnerTopLevel()
+            .getAVariableUse(name)
     )
     or
     exists(string prop, DataFlow::SourceNode prev |
@@ -322,7 +323,10 @@ module Templating {
 
     /** Gets the template file referenced by this node. */
     final TemplateFile getTemplateFile() {
-      result = this.getValue().(TemplateFileReferenceString).getTemplateFile(getFile().getParentContainer())
+      result =
+        this.getValue()
+            .(TemplateFileReferenceString)
+            .getTemplateFile(getFile().getParentContainer())
     }
   }
 
@@ -386,18 +390,12 @@ module Templating {
   private class UpwardTraversalSuffix extends TemplateFileReferenceString {
     TemplateFileReferenceString original;
 
-    UpwardTraversalSuffix() {
-      original = "../" + this
-    }
+    UpwardTraversalSuffix() { original = "../" + this }
 
-    override Folder getContextFolder() {
-      result = original.getContextFolder().getParentContainer()
-    }
+    override Folder getContextFolder() { result = original.getContextFolder().getParentContainer() }
 
     /** Gets the original string including the `../` prefix. */
-    TemplateFileReferenceString getOriginal() {
-      result = original
-    }
+    TemplateFileReferenceString getOriginal() { result = original }
   }
 
   /**
@@ -484,7 +482,9 @@ module Templating {
    * and vice versa in `B/components/foo.js`.
    */
   pragma[nomagic]
-  private int getRankOfMatchingTarget(TemplateFile file, Folder baseFolder, TemplateFileReferenceString ref) {
+  private int getRankOfMatchingTarget(
+    TemplateFile file, Folder baseFolder, TemplateFileReferenceString ref
+  ) {
     file = getAMatchingTarget(ref) and
     baseFolder = ref.getContextFolder() and
     exists(string filePath, string refPath |
@@ -663,33 +663,31 @@ module Templating {
     string rawPath;
 
     TemplateInclusionTag() {
-      rawPath = getRawText().regexpCapture("[{<]% *(?:import|include|extend|require)s? *(?:[(] *)?['\"]?(.*?)['\"]? *(?:[)] *)?%[}>]", 1)
+      rawPath =
+        getRawText()
+            .regexpCapture("[{<]% *(?:import|include|extend|require)s? *(?:[(] *)?['\"]?(.*?)['\"]? *(?:[)] *)?%[}>]",
+              1)
       or
       rawPath = getRawText().regexpCapture("\\{\\{!?[<>](.*?)\\}\\}", 1)
     }
 
     /** Gets the imported path (normalized). */
-    string getPath() {
-      result = rawPath.trim().replaceAll("\\", "/").regexpReplaceAll("^\\./", "")
-    }
+    string getPath() { result = rawPath.trim().replaceAll("\\", "/").regexpReplaceAll("^\\./", "") }
 
     /** Gets the file referenced by this inclusion tag. */
     TemplateFile getImportedFile() {
-      result = getPath().(TemplateFileReferenceString).getTemplateFile(getFile().getParentContainer())
+      result =
+        getPath().(TemplateFileReferenceString).getTemplateFile(getFile().getParentContainer())
     }
   }
 
   /** The imported string from a template inclusion tag. */
   private class TemplateInclusionPathString extends TemplateFileReferenceString {
     TemplateInclusionTag tag;
 
-    TemplateInclusionPathString() {
-      this = tag.getPath()
-    }
+    TemplateInclusionPathString() { this = tag.getPath() }
 
-    override Folder getContextFolder() {
-      result = tag.getFile().getParentContainer()
-    }
+    override Folder getContextFolder() { result = tag.getFile().getParentContainer() }
   }
 
   /**
@@ -698,13 +696,9 @@ module Templating {
   private class ConsolidateCall extends TemplateInstantiaton::Range, API::CallNode {
     string engine;
 
-    ConsolidateCall() {
-      this = API::moduleImport("consolidate").getMember(engine).getACall()
-    }
+    ConsolidateCall() { this = API::moduleImport("consolidate").getMember(engine).getACall() }
 
-    override TemplateSyntax getTemplateSyntax() {
-      result.getAPackageName() = engine
-    }
+    override TemplateSyntax getTemplateSyntax() { result.getAPackageName() = engine }
 
     override DataFlow::SourceNode getOutput() {
       result = getParameter([1, 2]).getParameter(1).getAnImmediateUse()
@@ -713,16 +707,10 @@ module Templating {
       result = this
     }
 
-    override DataFlow::Node getTemplateFileNode() {
-      result = getArgument(0)
-    }
+    override DataFlow::Node getTemplateFileNode() { result = getArgument(0) }
 
-    override DataFlow::Node getTemplateContentNode() {
-      none()
-    }
+    override DataFlow::Node getTemplateContentNode() { none() }
 
-    override DataFlow::Node getTemplateParamsNode() {
-      result = getArgument(1)
-    }
+    override DataFlow::Node getTemplateParamsNode() { result = getArgument(1) }
   }
 }

javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

@@ -77,24 +77,27 @@ module CodeInjection {
         //
         // For example, setting foo to `\` and bar to `, alert(1));//`, code injection is obtained.
         tag.isInScriptTag() and
-        not tag.getEnclosingExpr() = getLastStringWithPlaceholderOnLine(tag.getLocation().getFile(), tag.getLocation().getStartLine())
+        not tag.getEnclosingExpr() =
+          getLastStringWithPlaceholderOnLine(tag.getLocation().getFile(),
+            tag.getLocation().getStartLine())
       )
     }
   }
 
   /** Gets the last string literal containing a template placeholder on the given line. */
   pragma[nomagic]
   private StringLiteral getLastStringWithPlaceholderOnLine(File file, int line) {
-    result = max(StringLiteral lit, Location loc |
-      loc = lit.getLocation() and
-      loc.getFile() = file and
-      loc.getStartLine() = line and
-      lit = any(Templating::TemplatePlaceholderTag tag | tag.isEscapingInterpolation()).getEnclosingExpr()
-    |
-      lit
-      order by
-      loc.getStartColumn()
-    )
+    result =
+      max(StringLiteral lit, Location loc |
+        loc = lit.getLocation() and
+        loc.getFile() = file and
+        loc.getStartLine() = line and
+        lit =
+          any(Templating::TemplatePlaceholderTag tag | tag.isEscapingInterpolation())
+              .getEnclosingExpr()
+      |
+        lit order by loc.getStartColumn()
+      )
   }
 
   /**

javascript/ql/src/semmle/javascript/security/dataflow/FileAccessToHttpCustomizations.qll

@@ -48,18 +48,14 @@ module FileAccessToHttp {
    * A property access to `length`, seen as a sanitizer as it likely contains a number.
    */
   private class LengthAccessAsSanitizer extends Sanitizer {
-    LengthAccessAsSanitizer() {
-      this.(DataFlow::PropRead).getPropertyName() = "length"
-    }
+    LengthAccessAsSanitizer() { this.(DataFlow::PropRead).getPropertyName() = "length" }
   }
 
   /**
    * A generated code expression, seen as a sanitizer, to block flow from a file
    * sent to the client via a template.
    */
   private class GeneratedCodeAsSanitizer extends Sanitizer {
-    GeneratedCodeAsSanitizer() {
-      this.asExpr() instanceof GeneratedCodeExpr
-    }
+    GeneratedCodeAsSanitizer() { this.asExpr() instanceof GeneratedCodeExpr }
   }
 }

javascript/ql/test/library-tests/frameworks/Templating/test.ql

@@ -2,7 +2,9 @@ import javascript
 import semmle.javascript.security.dataflow.Xss
 import semmle.javascript.security.dataflow.CodeInjectionCustomizations
 
-query Templating::TemplateSyntax getTemplateInstantiationSyntax(Templating::TemplateInstantiaton inst) {
+query Templating::TemplateSyntax getTemplateInstantiationSyntax(
+  Templating::TemplateInstantiaton inst
+) {
   result = inst.getTemplateSyntax()
 }
 
@@ -14,10 +16,6 @@ query Templating::TemplateFile getTargetFile(Templating::TemplateInstantiaton in
   result = inst.getTemplateFile()
 }
 
-query DomBasedXss::Sink xssSink() {
-  any()
-}
+query DomBasedXss::Sink xssSink() { any() }
 
-query CodeInjection::Sink codeInjectionSink() {
-  any()
-}
+query CodeInjection::Sink codeInjectionSink() { any() }