WIP: test structure and ultimate source query

solutions/UltimateSource.ql

@@ -0,0 +1,38 @@
+import javascript
+
+// Ultimate source
+// ----------------
+//     var line = stdinBuffer.toString();
+predicate uSource(MethodCallExpr sbts) {
+    //  sbts.getReceiver().(DotExpr).getPropertyNameExpr().(Identifier).getName() = "toString"
+    sbts.getMethodName().matches("%toString%") 
+}
+
+// Ultimate sink
+// ----------------
+//     db.exec(query);
+
+// Intermediate flow sink
+// ------------------------
+// Connect
+//     const db = new sqlite3.Database(
+// to its use
+//     db.exec(query);
+// 
+// class IntermediateSink extends DataFlow::Configuration {
+//   IntermediateSink() { this = "IntermediateSink" }
+
+//   override predicate isSource(DataFlow::Node nd) {
+//     exists(JsonParserCall jpc | nd = jpc.getOutput())
+//   }
+
+//   override predicate isSink(DataFlow::Node nd) { exists(DataFlow::PropRef pr | nd = pr.getBase()) }
+// }
+
+// from IntermediateSink cfg, DataFlow::Node source, DataFlow::Node sink
+// where cfg.hasFlow(source, sink)
+// select sink, "Property access on JSON value originating $@.", source, "here"
+
+from MethodCallExpr sbts
+where uSource(sbts)
+select sbts

solutions/codeql-pack.lock.yml

@@ -0,0 +1,22 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/javascript-all:
+    version: 0.8.3
+  codeql/javascript-queries:
+    version: 0.8.3
+  codeql/mad:
+    version: 0.2.3
+  codeql/regex:
+    version: 0.2.3
+  codeql/suite-helpers:
+    version: 0.7.3
+  codeql/tutorial:
+    version: 0.2.3
+  codeql/typos:
+    version: 0.2.3
+  codeql/util:
+    version: 0.2.3
+  codeql/yaml:
+    version: 0.2.3
+compiled: false

solutions/qlpack.yml

@@ -0,0 +1,8 @@
+---
+library: false
+name: codeql-javascript-multiflow-solutions
+version: 0.0.1
+# Install the queries for browsing.  They are not needed for this example.
+dependencies:
+    codeql/javascript-all: "*"
+    codeql/javascript-queries: "*"