Merge pull request #5227 from erik-krogh/infTest

Approved by asgerf

javascript/ql/src/semmle/javascript/AMD.qll

@@ -155,9 +155,17 @@ class AmdModuleDefinition extends CallExpr {
    * into this module's `module.exports` property.
    */
   DefiniteAbstractValue getAModuleExportsValue() {
+    result = [getAnImplicitExportsValue(), getAnExplicitExportsValue()]
+  }
+
+  pragma[noinline]
+  private AbstractValue getAnImplicitExportsValue() {
     // implicit exports: anything that is returned from the factory function
     result = getModuleExpr().analyze().getAValue()
-    or
+  }
+
+  pragma[noinline]
+  private AbstractValue getAnExplicitExportsValue() {
     // explicit exports: anything assigned to `module.exports`
     exists(AbstractProperty moduleExports, AmdModule m |
       this = m.getDefine() and

javascript/ql/src/semmle/javascript/NodeJS.qll

@@ -33,31 +33,25 @@ class NodeModule extends Module {
    * Gets an abstract value representing one or more values that may flow
    * into this module's `module.exports` property.
    */
+  pragma[noinline]
   DefiniteAbstractValue getAModuleExportsValue() {
-    exists(AbstractProperty moduleExports |
-      moduleExports.getBase().(AbstractModuleObject).getModule() = this and
-      moduleExports.getPropertyName() = "exports"
-    |
-      result = moduleExports.getAValue()
-    )
+    result = getAModuleExportsProperty().getAValue()
+  }
+
+  pragma[noinline]
+  private AbstractProperty getAModuleExportsProperty() {
+    result.getBase().(AbstractModuleObject).getModule() = this and
+    result.getPropertyName() = "exports"
   }
 
   /**
    * Gets an expression that is an alias for `module.exports`.
-   * For performance this predicate only computes relevant expressions.
+   * For performance this predicate only computes relevant expressions (in `getAModuleExportsCandidate`).
    * So if using this predicate - consider expanding the list of relevant expressions.
    */
-  pragma[noinline]
-  DataFlow::Node getAModuleExportsNode() {
-    (
-      // A bit of manual magic
-      result = any(DataFlow::PropWrite w | exists(w.getPropertyName())).getBase()
-      or
-      result = DataFlow::valueNode(any(PropAccess p | exists(p.getPropertyName())).getBase())
-      or
-      result = DataFlow::valueNode(any(ObjectExpr obj))
-    ) and
-    result.analyze().getAValue() = getAModuleExportsValue()
+  DataFlow::AnalyzedNode getAModuleExportsNode() {
+    result = getAModuleExportsCandidate() and
+    result.getAValue() = getAModuleExportsValue()
   }
 
   /** Gets a symbol exported by this module. */
@@ -148,6 +142,21 @@ class NodeModule extends Module {
   }
 }
 
+/**
+ * Gets an expression that syntactically could be a alias for `module.exports`.
+ * This predicate exists to reduce the size of `getAModuleExportsNode`,
+ * while keeping all the tuples that could be relevant in later computations.
+ */
+pragma[noinline]
+private DataFlow::Node getAModuleExportsCandidate() {
+  // A bit of manual magic
+  result = any(DataFlow::PropWrite w | exists(w.getPropertyName())).getBase()
+  or
+  result = DataFlow::valueNode(any(PropAccess p | exists(p.getPropertyName())).getBase())
+  or
+  result = DataFlow::valueNode(any(ObjectExpr obj))
+}
+
 /**
  * Holds if `nodeModules` is a folder of the form `<prefix>/node_modules`, where
  * `<prefix>` is a (not necessarily proper) prefix of `f` and does not end in `/node_modules`,

javascript/ql/src/semmle/javascript/dataflow/TypeInference.qll

@@ -85,7 +85,7 @@ class AnalyzedNode extends DataFlow::Node {
   }
 
   /** Gets a type inferred for this node. */
-  pragma[nomagic]
+  cached
   InferredType getAType() { result = getAValue().getType() }
 
   /**