@@ -23,13 +23,18 @@ private module NextJS {
2323 result = getAPagesFolder ( ) .getAFolder ( )
2424 }
2525
26+ /**
27+ * Gets a module corrosponding to a `Next.js` page.
28+ */
29+ Module getAPagesModule ( ) { result .getFile ( ) .getParentContainer ( ) = getAPagesFolder ( ) }
30+
2631 /**
2732 * Gets a module inside a "pages" folder where `fallback` from `getStaticPaths` is not set to false.
2833 * In such a module the `getStaticProps` method can be called with user-defined parameters.
2934 * If `fallback` is set to false, then only values defined by `getStaticPaths` are allowed.
3035 */
3136 Module getAModuleWithFallbackPaths ( ) {
32- result . getFile ( ) . getParentContainer ( ) = getAPagesFolder ( ) and
37+ result = getAPagesModule ( ) and
3338 exists ( DataFlow:: FunctionNode staticPaths , Expr fallback |
3439 staticPaths = result .getAnExportedValue ( "getStaticPaths" ) .getAFunctionValue ( ) and
3540 fallback =
@@ -53,4 +58,21 @@ private module NextJS {
5358
5459 override string getSourceType ( ) { result = "Next request parameter" }
5560 }
61+
62+ /**
63+ * A step modelling the flow from the server-computed `getStaticProps` to the server/client rendering of the page.
64+ */
65+ class NextJSStaticPropsStep extends DataFlow:: AdditionalFlowStep , DataFlow:: FunctionNode {
66+ Module pageModule ;
67+
68+ NextJSStaticPropsStep ( ) {
69+ pageModule = getAPagesModule ( ) and
70+ this = pageModule .getAnExportedValue ( "getStaticProps" ) .getAFunctionValue ( )
71+ }
72+
73+ override predicate step ( DataFlow:: Node pred , DataFlow:: Node succ ) {
74+ pred = this .getAReturn ( ) .getALocalSource ( ) .getAPropertyWrite ( "props" ) .getRhs ( ) and
75+ succ = pageModule .getAnExportedValue ( "default" ) .getAFunctionValue ( ) .getParameter ( 0 )
76+ }
77+ }
5678}
0 commit comments