JS: Handle imports through lazy-cache

2026-04-30 11:15:13 +02:00 · 2020-02-05 12:04:58 +00:00
parent 180e9d4731
commit 418f841749
2 changed files with 56 additions and 0 deletions
--- a/javascript/ql/src/javascript.qll
+++ b/javascript/ql/src/javascript.qll
@@ -78,6 +78,7 @@ import semmle.javascript.frameworks.Files
 import semmle.javascript.frameworks.Firebase
 import semmle.javascript.frameworks.jQuery
 import semmle.javascript.frameworks.Handlebars
+import semmle.javascript.frameworks.LazyCache
 import semmle.javascript.frameworks.LodashUnderscore
 import semmle.javascript.frameworks.Logging
 import semmle.javascript.frameworks.HttpFrameworks
--- a/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
@@ -0,0 +1,55 @@
+/**
+ * Models imports through the NPM `lazy-cache` package.
+ */
+
+import javascript
+
+module LazyCache {
+  /**
+   * A lazy-cache object, usually created through an expression of form `require('lazy-cache')(require)`.
+   */
+  class LazyCacheObject extends DataFlow::SourceNode {
+    LazyCacheObject() {
+      // Use `require` directly instead of `moduleImport` to avoid recursion.
+      // For the same reason, avoid `Import.getImportedPath`.
+      exists(Require req |
+        req.getArgument(0).getStringValue() = "lazy-cache" and
+        this = req.flow().(DataFlow::SourceNode).getAnInvocation()
+      )
+    }
+  }
+
+  /**
+   * An import through `lazy-cache`.
+   */
+  class LazyCacheImport extends CallExpr, Import {
+    LazyCacheObject cache;
+
+    LazyCacheImport() { this = cache.getACall().asExpr() }
+
+    /** Gets the name of the package as it's exposed on the lazy-cache object. */
+    string getLocalAlias() {
+      result = getArgument(1).getStringValue()
+      or
+      not exists(getArgument(1)) and
+      result = getArgument(0).getStringValue()
+    }
+
+    override Module getEnclosingModule() { result = getTopLevel() }
+
+    override PathExpr getImportedPath() { result = getArgument(0) }
+
+    override DataFlow::Node getImportedModuleNode() {
+      result = this.flow()
+      or
+      result = cache.getAPropertyRead(getLocalAlias())
+    }
+  }
+
+  /** A constant path element appearing in a call to a lazy-cache object. */
+  private class LazyCachePathExpr extends PathExprInModule, ConstantString {
+    LazyCachePathExpr() { this = any(LazyCacheImport rp).getArgument(0) }
+
+    override string getValue() { result = getStringValue() }
+  }
+}