add support for the change-case library

Author: erik-krogh

javascript/change-notes/2021-07-12-case.md

@@ -0,0 +1,4 @@
+lgtm,codescanning
+* The dataflow libraries now model dataflow through case changing libraries.
+  Affected packages are
+    [change-case](https://www.npmjs.com/package/change-case)

javascript/ql/src/semmle/javascript/frameworks/StringFormatters.qll

@@ -103,3 +103,18 @@ private class LibraryFormatter extends PrintfStyleCall {
 
   override predicate returnsFormatted() { returns = true }
 }
+
+/**
+ * A taint step through a case changing function.
+ */
+private class CaseChangingStep extends TaintTracking::SharedTaintStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(DataFlow::SourceNode callee, DataFlow::CallNode call |
+      callee = DataFlow::moduleMember("change-case", _)
+    |
+      call = callee.getACall() and
+      pred = call.getArgument(0) and
+      succ = call
+    )
+  }
+}

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -35,6 +35,7 @@ typeInferenceMismatch
 | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x |
 | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() |
 | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x |
+| case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) |
 | closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) |
 | closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) |
 | closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) |

javascript/ql/test/library-tests/TaintTracking/case.js

@@ -0,0 +1,7 @@
+function foo() {
+  let source = source();
+  
+  const changeCase = require("change-case");
+  sink(changeCase.camelCase(source)); // NOT OK
+
+}