use API nodes instead of type-tracking in the pino model

2026-04-29 10:45:15 +02:00 · 2021-07-16 11:32:32 +02:00
parent 178d3de824
commit 36de24aecb
1 changed files with 8 additions and 15 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
@@ -354,31 +354,24 @@ private module Pino {
  /**
   * Gets a logger instance from the `pino` library.
   */
-  private DataFlow::SourceNode pino() {
-    result = pinoApi().getAnImmediateUse()
+  private API::Node pino() {
+    result = pinoApi()
    or
    // `pino` is installed as the "log" property on the request object in `Express` and similar libraries.
    // in `Hapi` the property is "logger".
-    exists(HTTP::RequestExpr req |
-      result = req.flow().getALocalSource().getAPropertyRead(["log", "logger"])
+    exists(HTTP::RequestExpr req, API::Node reqNode |
+      reqNode.getAnImmediateUse() = req.flow().getALocalSource() and
+      result = reqNode.getMember(["log", "logger"])
    )
  }

-  /**
-   * Gets a reference to a logger method from the `pino` library.
-   */
-  private DataFlow::SourceNode pinoCallee(DataFlow::TypeTracker t) {
-    t.startInProp(["trace", "debug", "info", "warn", "error", "fatal"]) and
-    result = pino()
-    or
-    exists(DataFlow::TypeTracker t2 | result = pinoCallee(t2).track(t2, t))
-  }
-
  /**
   * A logging call to the `pino` library.
   */
  private class PinoCall extends LoggerCall {
-    PinoCall() { this = pinoCallee(DataFlow::TypeTracker::end()).getACall() }
+    PinoCall() {
+      this = pino().getMember(["trace", "debug", "info", "warn", "error", "fatal"]).getACall()
+    }

    override DataFlow::Node getAMessageComponent() { result = getAnArgument() }
  }