Merge pull request github#2988 from asger-semmle/js/autoformat-again-again

Approved by esbena

Author: semmle-qlci

javascript/ql/src/Declarations/UnreachableMethodOverloads.ql

@@ -105,7 +105,8 @@ predicate signaturesMatch(MethodSignature method, MethodSignature other) {
     not exists(method.getBody().getThisTypeAnnotation()) and
     not exists(other.getBody().getThisTypeAnnotation())
     or
-    method.getBody().getThisTypeAnnotation().getType() = other.getBody().getThisTypeAnnotation().getType()
+    method.getBody().getThisTypeAnnotation().getType() =
+      other.getBody().getThisTypeAnnotation().getType()
   ) and
   // The types are compared in matchingCallSignature. This is sanity-check that the textual representation of the type-annotations are somewhat similar.
   forall(int i | i in [0 .. -1 + method.getBody().getNumParameter()] |

javascript/ql/src/semmle/javascript/StringOps.qll

@@ -67,7 +67,7 @@ module StringOps {
         inner.getEnclosingExpr() = callee.getAReturnedExpr() and
         this.getACallee() = callee and
         count(this.getACallee()) = 1 and
-        count(callee.getAReturnedExpr()) = 1 and 
+        count(callee.getAReturnedExpr()) = 1 and
         not this.isImprecise() and
         inner.getBaseString().getALocalSource().getEnclosingExpr() = callee.getAParameter() and
         inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getAParameter()
@@ -298,7 +298,7 @@ module StringOps {
         inner.getEnclosingExpr() = callee.getAReturnedExpr() and
         this.getACallee() = callee and
         count(this.getACallee()) = 1 and
-        count(callee.getAReturnedExpr()) = 1 and 
+        count(callee.getAReturnedExpr()) = 1 and
         not this.isImprecise() and
         inner.getBaseString().getALocalSource().getEnclosingExpr() = callee.getAParameter() and
         inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getAParameter()
@@ -321,7 +321,6 @@ module StringOps {
       override boolean getPolarity() { result = inner.getPolarity() }
     }
 
-
     /**
      * A call of form `A.endsWith(B)`.
      */

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -633,18 +633,19 @@ module NodeJSLib {
       result = getArgument(1)
     }
 
-    override predicate isSync() {
-      "Sync" = methodName.suffix(methodName.length() - 4)
-    }
+    override predicate isSync() { "Sync" = methodName.suffix(methodName.length() - 4) }
 
     override DataFlow::Node getOptionsArg() {
       not result.getALocalSource() instanceof DataFlow::FunctionNode and // looks like callback
       not result.getALocalSource() instanceof DataFlow::ArrayCreationNode and // looks like argumentlist
       not result = getArgument(0) and
       // fork/spawn and all sync methos always has options as the last argument
-      if methodName.regexpMatch("fork.*") or methodName.regexpMatch("spawn.*") or methodName.regexpMatch(".*Sync") then
-        result = getLastArgument()
-      else 
+      if
+        methodName.regexpMatch("fork.*") or
+        methodName.regexpMatch("spawn.*") or
+        methodName.regexpMatch(".*Sync")
+      then result = getLastArgument()
+      else
         // the rest (exec/execFile) has the options argument as their second last.
         result = getArgument(this.getNumArgument() - 2)
     }

javascript/ql/src/semmle/javascript/frameworks/ShellJS.qll

@@ -161,7 +161,7 @@ module ShellJS {
 
     override predicate isShellInterpreted(DataFlow::Node arg) { arg = getACommandArgument() }
 
-    override predicate isSync() {none ()}
+    override predicate isSync() { none() }
 
     override DataFlow::Node getOptionsArg() {
       result = getLastArgument() and

javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll

@@ -23,7 +23,9 @@ private class CommandCall extends DataFlow::InvokeNode {
   /**
    * Gets a list that specifies the arguments given to the command.
    */
-  DataFlow::ArrayCreationNode getArgumentList() { result = command.getArgumentList().getALocalSource() }
+  DataFlow::ArrayCreationNode getArgumentList() {
+    result = command.getArgumentList().getALocalSource()
+  }
 
   /**
    * Gets the callback (if it exists) for an async `exec`-like call.
@@ -75,8 +77,8 @@ private class CommandCall extends DataFlow::InvokeNode {
 }
 
 /**
- * Holds if the input `str` contains some character that might be interpreted in a non-trivial way by a shell. 
- */ 
+ * Holds if the input `str` contains some character that might be interpreted in a non-trivial way by a shell.
+ */
 bindingset[str]
 private predicate containsNonTrivialShellChar(string str) {
   exists(str.regexpFind("\\*|\\||>|<| |\\$|&|,|\\`| |;", _, _))
@@ -142,9 +144,7 @@ class UselessCat extends CommandCall {
 /**
  * Gets a string used to call `cat`.
  */
-private string getACatExecuteable() {
-  result = "cat" or result = "/bin/cat"
-}
+private string getACatExecuteable() { result = "cat" or result = "/bin/cat" }
 
 /**
  * Predicates for creating an equivalent call to `fs.readFile` from a command execution of `cat`.
@@ -173,11 +173,10 @@ module PrettyPrintCatCall {
         callback = "" and not exists(cat.getCallback())
       ) and
       fileArg = createFileArgument(cat).trim() and
-     // sanity check in case of surprising `toString` results, other uses of `containsNonTrivialBashChar` should ensure that this conjunct will hold most of the time
-      not(containsNonTrivialShellChar(fileArg.regexpReplaceAll("\\$|\\`| ", ""))) // string concat might contain " ", template strings might contain "$" or `, and that is OK. 
+      // sanity check in case of surprising `toString` results, other uses of `containsNonTrivialBashChar` should ensure that this conjunct will hold most of the time
+      not containsNonTrivialShellChar(fileArg.regexpReplaceAll("\\$|\\`| ", "")) // string concat might contain " ", template strings might contain "$" or `, and that is OK.
     |
-      result =
-        "fs.readFile" + sync + "(" + fileArg + extraArg + callback + ")"
+      result = "fs.readFile" + sync + "(" + fileArg + extraArg + callback + ")"
     )
   }
 

javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.ql

@@ -19,10 +19,6 @@ select msg, comment
 
 query string readFile(UselessCat cat) { result = PrettyPrintCatCall::createReadFileCall(cat) }
 
-query SystemCommandExecution syncCommand() {
-  result.isSync()	
-}
+query SystemCommandExecution syncCommand() { result.isSync() }
 
-query DataFlow::Node options(SystemCommandExecution sys) {
-  result = sys.getOptionsArg()
-}
+query DataFlow::Node options(SystemCommandExecution sys) { result = sys.getOptionsArg() }