Merge pull request github#13015 from kaspersv/kaspersv/js-explicit-this-receivers2

JS: Make implicit this receivers explicit

Author: erik-krogh

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll

@@ -220,7 +220,7 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof XssSinkType and
     isPositiveIndicator = true and
-    confidence = maximalConfidence()
+    confidence = this.maximalConfidence()
   }
 }
 
@@ -238,7 +238,7 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof TaintedPathSinkType and
     isPositiveIndicator = true and
-    confidence = maximalConfidence()
+    confidence = this.maximalConfidence()
   }
 }
 
@@ -256,7 +256,7 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof SqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = maximalConfidence()
+    confidence = this.maximalConfidence()
   }
 }
 
@@ -274,7 +274,7 @@ private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof NosqlInjectionSinkType and
     isPositiveIndicator = true and
-    confidence = maximalConfidence()
+    confidence = this.maximalConfidence()
   }
 }
 
@@ -296,7 +296,7 @@ private class ShellCommandInjectionFromEnvironmentSinkCharacteristic extends End
   ) {
     endpointClass instanceof ShellCommandInjectionFromEnvironmentSinkType and
     isPositiveIndicator = true and
-    confidence = maximalConfidence()
+    confidence = this.maximalConfidence()
   }
 }
 
@@ -335,7 +335,7 @@ abstract private class NotASinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof NegativeType and
     isPositiveIndicator = true and
-    confidence = highConfidence()
+    confidence = this.highConfidence()
   }
 }
 
@@ -354,7 +354,7 @@ abstract class LikelyNotASinkCharacteristic extends EndpointCharacteristic {
   ) {
     endpointClass instanceof NegativeType and
     isPositiveIndicator = true and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 
@@ -685,7 +685,7 @@ abstract private class StandardEndpointFilterCharacteristic extends EndpointFilt
   ) {
     endpointClass instanceof NegativeType and
     isPositiveIndicator = true and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 
@@ -786,7 +786,7 @@ abstract private class NosqlInjectionSinkEndpointFilterCharacteristic extends En
   ) {
     endpointClass instanceof NosqlInjectionSinkType and
     isPositiveIndicator = false and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 
@@ -817,7 +817,7 @@ private class ModeledSinkCharacteristic extends NosqlInjectionSinkEndpointFilter
   override predicate appliesToEndpoint(DataFlow::Node n) {
     exists(DataFlow::CallNode call | n = call.getAnArgument() |
       // Remove modeled sinks
-      isArgumentToKnownLibrarySinkFunction(n)
+      this.isArgumentToKnownLibrarySinkFunction(n)
     )
   }
 }
@@ -928,7 +928,7 @@ abstract private class SqlInjectionSinkEndpointFilterCharacteristic extends Endp
   ) {
     endpointClass instanceof SqlInjectionSinkType and
     isPositiveIndicator = false and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 
@@ -1002,7 +1002,7 @@ abstract private class TaintedPathSinkEndpointFilterCharacteristic extends Endpo
   ) {
     endpointClass instanceof TaintedPathSinkType and
     isPositiveIndicator = false and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 
@@ -1055,7 +1055,7 @@ abstract private class XssSinkEndpointFilterCharacteristic extends EndpointFilte
   ) {
     endpointClass instanceof XssSinkType and
     isPositiveIndicator = false and
-    confidence = mediumConfidence()
+    confidence = this.mediumConfidence()
   }
 }
 

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll

@@ -24,7 +24,7 @@ abstract class EndpointType extends TEndpointType {
    */
   abstract int getEncoding();
 
-  string toString() { result = getDescription() }
+  string toString() { result = this.getDescription() }
 }
 
 /** The `Negative` class that can be predicted by endpoint scoring models. */

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll

@@ -33,7 +33,7 @@ class NosqlInjectionAtmConfig extends AtmConfig {
     sink.(NosqlInjection::Sink).getAFlowLabel() = label
     or
     // Allow effective sinks to have any taint label
-    isEffectiveSink(sink)
+    this.isEffectiveSink(sink)
   }
 
   override predicate isSanitizer(DataFlow::Node node) {
@@ -49,11 +49,11 @@ class NosqlInjectionAtmConfig extends AtmConfig {
     DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
   ) {
     // additional flow steps from the base (non-boosted) security query
-    isBaseAdditionalFlowStep(src, trg, inlbl, outlbl)
+    this.isBaseAdditionalFlowStep(src, trg, inlbl, outlbl)
     or
     // relaxed version of previous step to track taint through unmodeled NoSQL query objects
-    isEffectiveSink(trg) and
-    src = getASubexpressionWithinQuery(trg)
+    this.isEffectiveSink(trg) and
+    src = this.getASubexpressionWithinQuery(trg)
   }
 
   /** Holds if src -> trg is an additional flow step in the non-boosted NoSql injection security query. */
@@ -80,9 +80,9 @@ class NosqlInjectionAtmConfig extends AtmConfig {
    * involving more complex queries.
    */
   private DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) {
-    isEffectiveSink(query) and
+    this.isEffectiveSink(query) and
     exists(DataFlow::SourceNode receiver |
-      receiver = [getASubexpressionWithinQuery(query), query].getALocalSource()
+      receiver = [this.getASubexpressionWithinQuery(query), query].getALocalSource()
     |
       result =
         [

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll

@@ -25,7 +25,7 @@ class TaintedPathAtmConfig extends AtmConfig {
     label = sink.(TaintedPath::Sink).getAFlowLabel()
     or
     // Allow effective sinks to have any taint label
-    isEffectiveSink(sink)
+    this.isEffectiveSink(sink)
   }
 
   override predicate isSanitizer(DataFlow::Node node) { node instanceof TaintedPath::Sanitizer }
@@ -54,10 +54,10 @@ class TaintedPathAtmConfig extends AtmConfig {
 private class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode instanceof TaintedPath::BarrierGuardNode
 {
   override predicate sanitizes(boolean outcome, Expr e) {
-    blocks(outcome, e) or blocks(outcome, e, _)
+    this.blocks(outcome, e) or this.blocks(outcome, e, _)
   }
 
   override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
-    sanitizes(outcome, e) and exists(label)
+    this.sanitizes(outcome, e) and exists(label)
   }
 }

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Labels.qll

@@ -13,7 +13,7 @@ newtype TEndpointLabel =
 abstract class EndpointLabel extends TEndpointLabel {
   abstract string getEncoding();
 
-  string toString() { result = getEncoding() }
+  string toString() { result = this.getEncoding() }
 }
 
 class SinkLabel extends EndpointLabel, TSinkLabel {

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll

@@ -15,7 +15,7 @@ newtype TQuery =
 abstract class Query extends TQuery {
   abstract string getName();
 
-  string toString() { result = getName() }
+  string toString() { result = this.getName() }
 }
 
 class NosqlInjectionQuery extends Query, TNosqlInjectionQuery {