Merge pull request #3662 from asger-semmle/js/package-export-fixes

Approved by esbena

javascript/ql/src/semmle/javascript/NodeModuleResolutionImpl.qll

@@ -82,20 +82,20 @@ File tryExtensions(Folder dir, string basename, int priority) {
  * Gets the main module described by `pkg` with the given `priority`.
  */
 File resolveMainModule(PackageJSON pkg, int priority) {
-  if exists(MainModulePath::of(pkg))
-  then
-    exists(PathExpr main | main = MainModulePath::of(pkg) |
-      result = main.resolve() and priority = 0
-      or
-      result = tryExtensions(main.resolve(), "index", priority)
-      or
-      not exists(main.resolve()) and
-      not exists(main.getExtension()) and
-      exists(int n | n = main.getNumComponent() |
-        result = tryExtensions(main.resolveUpTo(n - 1), main.getComponent(n - 1), priority)
-      )
+  exists(PathExpr main | main = MainModulePath::of(pkg) |
+    result = main.resolve() and priority = 0
+    or
+    result = tryExtensions(main.resolve(), "index", priority)
+    or
+    not exists(main.resolve()) and
+    not exists(main.getExtension()) and
+    exists(int n | n = main.getNumComponent() |
+      result = tryExtensions(main.resolveUpTo(n - 1), main.getComponent(n - 1), priority)
     )
-  else result = tryExtensions(pkg.getFile().getParentContainer(), "index", priority)
+  )
+  or
+  result =
+    tryExtensions(pkg.getFile().getParentContainer(), "index", priority - prioritiesPerCandidate())
 }
 
 /**

javascript/ql/src/semmle/javascript/PackageExports.qll

@@ -68,4 +68,9 @@ private DataFlow::Node getAnExportFromModule(Module mod) {
   result.analyze().getAValue() = mod.(NodeModule).getAModuleExportsValue()
   or
   exists(ASTNode export | result.getEnclosingExpr() = export | mod.exports(_, export))
+  or
+  exists(ExportDeclaration export |
+    result = export.getSourceNode(_) and
+    mod = export.getTopLevel()
+  )
 }

javascript/ql/test/library-tests/PackageExports/absent_main/index.js

@@ -0,0 +1 @@
+module.exports.foo = function() {};

javascript/ql/test/library-tests/PackageExports/absent_main/package.json

@@ -0,0 +1,3 @@
+{
+    "main": "dist/does-not-exist.js"
+}

javascript/ql/test/library-tests/PackageExports/esmodules/main.js

@@ -0,0 +1,3 @@
+export function exported() {}
+
+function notExported() {}

javascript/ql/test/library-tests/PackageExports/esmodules/package.json

@@ -0,0 +1,3 @@
+{
+    "main": "main.js"
+}

javascript/ql/test/library-tests/PackageExports/tests.expected

@@ -1,6 +1,14 @@
 getTopmostPackageJSON
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} |
+| esmodules/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} |
 | lib1/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} |
 getAValueExportedBy
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} | absent_main/index.js:1:1:1:0 | this |
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} | absent_main/index.js:1:1:1:14 | module.exports |
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} | absent_main/index.js:1:1:1:18 | module.exports.foo |
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} | absent_main/index.js:1:22:1:21 | this |
+| absent_main/package.json:1:1:3:1 | {\\n    " ... t.js"\\n} | absent_main/index.js:1:22:1:34 | function() {} |
+| esmodules/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} | esmodules/main.js:1:8:1:29 | functio ... ed() {} |
 | lib1/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} | lib1/foo.js:1:1:1:0 | this |
 | lib1/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} | lib1/foo.js:1:1:1:53 | module. ... in() {} |
 | lib1/package.json:1:1:3:1 | {\\n    " ... n.js"\\n} | lib1/foo.js:1:18:1:53 | functio ... in() {} |