more precise warning message for implicit string/number conversions

erik-krogh · erik-krogh · commit f55005a0ec93 · 2020-03-30T11:17:56.000+02:00
diff --git a/javascript/ql/src/Expressions/ImplicitOperandConversion.ql b/javascript/ql/src/Expressions/ImplicitOperandConversion.ql
@@ -162,7 +162,26 @@ abstract class NullOrUndefinedConversion extends ImplicitConversion {
 class PlusConversion extends NullOrUndefinedConversion {
   PlusConversion() { parent instanceof AddExpr or parent instanceof AssignAddExpr }
 
-  override string getConversionTarget() { result = "number or string" }
+  override string getConversionTarget() {
+    result = getDefiniteCousinType()
+    or
+    not exists(getDefiniteCousinType()) and
+    result = "number or string"
+  }
+
+  /**
+   * Gets the cousin of this implicit conversion.
+   * E.g. if this is `a` in the expression `a + b`, then the cousin is `b`.
+   */
+  private Expr getCousin() { result = parent.getAChild() and not result = this.getEnclosingExpr() }
+
+  /**
+   * Gets the unique type of the cousin expression, if that type is `string` or `number`.
+   */
+  private string getDefiniteCousinType() {
+    result = unique(InferredType t | t = getCousin().flow().analyze().getAType()).getTypeofTag() and
+    result = ["string", "number"]
+  }
 }
 
 /**
diff --git a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/ImplicitOperandConversion.expected
@@ -3,11 +3,13 @@
 | tst.js:20:6:20:13 | 'string' | This expression will be implicitly converted from string to object. |
 | tst.js:26:13:26:53 | "Settin ... o '%s'" | This expression will be implicitly converted from string to number. |
 | tst.js:29:18:29:26 | !callback | This expression will be implicitly converted from boolean to object. |
-| tst.js:53:5:53:10 | void 0 | This expression will be implicitly converted from undefined to number or string. |
+| tst.js:53:5:53:10 | void 0 | This expression will be implicitly converted from undefined to number. |
 | tst.js:61:3:61:3 | x | This expression will be implicitly converted from undefined to number. |
 | tst.js:67:8:67:8 | y | This expression will be implicitly converted from undefined to number. |
 | tst.js:73:5:73:5 | x | This expression will be implicitly converted from undefined to number. |
 | tst.js:79:19:79:22 | name | This expression will be implicitly converted from undefined to string. |
 | tst.js:85:3:85:3 | x | This expression will be implicitly converted from undefined to number. |
 | tst.js:100:5:100:7 | f() | This expression will be implicitly converted from undefined to number. |
 | tst.js:106:5:106:7 | g() | This expression will be implicitly converted from undefined to number. |
+| tst.js:109:13:109:15 | g() | This expression will be implicitly converted from undefined to number. |
+| tst.js:110:13:110:15 | g() | This expression will be implicitly converted from undefined to string. |
diff --git a/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js b/javascript/ql/test/query-tests/Expressions/ImplicitOperandConversion/tst.js
@@ -105,5 +105,8 @@ function l() {
     }
     g()|0;
     g();
+
+    var a = g() + 2;
+    var b = g() + "str";
 });
 

Original file line number	Diff line number	Diff line change
`@@ -105,5 +105,8 @@ function l() {`
`105`	`105`	`}`
`106`	`106`	`g()\|0;`
`107`	`107`	`g();`
	`108`	`+`
	`109`	`+ var a = g() + 2;`
	`110`	`+ var b = g() + "str";`
`108`	`111`	`});`
`109`	`112`