JS: Port step for dynamic imports

asgerf · asgerf · commit 7cfe3dae85a9 · 2024-08-23T10:07:28.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -705,7 +705,6 @@ private module DynamicImportSteps {
    */
   class DynamicImportStep extends LegacyPreCallGraphStep {
     override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
-      // TODO: this step needs to be ported to dataflow2
       exists(DynamicImportExpr imprt |
         pred = imprt.getImportedModule().getAnExportedValue("default") and
         succ = imprt.flow() and
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -9,3 +9,4 @@ private import Maps
 private import Promises
 private import Sets
 private import Strings
+private import DynamicImportStep
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll
@@ -0,0 +1,39 @@
+/**
+ * Contains flow steps to model flow from a module into a dynamic `import()` expression.
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.DataFlowNode
+private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
+private import semmle.javascript.dataflow.internal.DataFlowPrivate
+
+/**
+ * Flow steps for dynamic import expressions.
+ *
+ * The default export of the imported module must be boxed in a promise, so we pass
+ * it through a synthetic node.
+ */
+class DynamicImportStep extends AdditionalFlowInternal {
+  override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) {
+    node instanceof DynamicImportExpr and
+    tag = "imported-value" and
+    container.asSourceCallable() = node.getContainer()
+  }
+
+  override predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(DynamicImportExpr expr |
+      pred = expr.getImportedModule().getAnExportedValue("default") and
+      succ = getSynthesizedNode(expr, "imported-value")
+    )
+  }
+
+  override predicate storeStep(
+    DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ
+  ) {
+    exists(DynamicImportExpr expr |
+      pred = getSynthesizedNode(expr, "imported-value") and
+      contents = DataFlow::ContentSet::promiseValue() and
+      succ = TValueNode(expr)
+    )
+  }
+}
