From 026dfaec979d445d76b56b99ac1c1924912ba10c Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esbena@github.com>
Date: Wed, 30 Mar 2022 22:22:33 +0200
Subject: [PATCH] support import in getSimpleAccessPath

---
 .../EndpointFeatures.qll                      | 32 +++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
index edadf19b279..3436c3871f2 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
@@ -469,21 +469,33 @@ private module SyntacticUtilities {
           if e instanceof VarAccess
           then result = e.(VarAccess).getName()
           else
-            if e instanceof AwaitExpr
-            then result = getSimpleAccessPath(e.(AwaitExpr).getOperand().flow()) + ".then()"
+            if e instanceof Import
+            then result = "import(" + getSimpleImportPath(e) + ")"
             else
-              if node instanceof DataFlow::PropRead
-              then
-                result =
-                  getSimpleAccessPath(node.(DataFlow::PropRead).getBase()) + "." +
-                    getPropertyNameOrUnknown(node)
+              if e instanceof AwaitExpr
+              then result = getSimpleAccessPath(e.(AwaitExpr).getOperand().flow()) + ".then()"
               else
-                if node instanceof DataFlow::InvokeNode
+                if node instanceof DataFlow::PropRead
                 then
-                  result = getSimpleAccessPath(node.(DataFlow::InvokeNode).getCalleeNode()) + "()"
-                else result = "?"
+                  result =
+                    getSimpleAccessPath(node.(DataFlow::PropRead).getBase()) + "." +
+                      getPropertyNameOrUnknown(node)
+                else
+                  if node instanceof DataFlow::InvokeNode
+                  then
+                    result = getSimpleAccessPath(node.(DataFlow::InvokeNode).getCalleeNode()) + "()"
+                  else result = "?"
     )
   }
+
+  string getSimpleImportPath(Import i) {
+    if exists(i.getImportedPath().getValue())
+    then
+      exists(string p | p = i.getImportedPath().getValue() |
+        if p.matches(".%") then result = p else result = "!" // hide absolute imports from the ML training
+      )
+    else result = "?"
+  }
 }
 
 /**