JS: move default parameter values to the DefUse graph

2026-04-29 18:55:14 +02:00 · 2019-02-05 22:43:04 +01:00
parent 65530c5edf
commit 5ad83360be
6 changed files with 12 additions and 6 deletions
--- a/javascript/ql/src/semmle/javascript/DefUse.qll
+++ b/javascript/ql/src/semmle/javascript/DefUse.qll
@@ -12,6 +12,7 @@ import javascript
 * <tr><td><code>x = y</code><td><code>x = y</code><td><code>x</code><td><code>y</code></tr>
 * <tr><td><code>var a = b</code><td><code>var a = b</code><td><code>a</code><td><code>b</code></tr>
 * <tr><td><code>function f { ... }</code><td><code>f</code><td><code>f</code><td><code>function f { ... }</code></tr>
+ * <tr><td><code>function f ( x = y ){ ... }</code><td><code>x</code><td><code>x</code><td><code>y</code></tr>
 * <tr><td><code>class C { ... }</code><td><code>C</code><td><code>C</code><td><code>class C { ... }</code></tr>
 * <tr><td><code>namespace N { ... }</code><td><code>N</code><td><code>N</code><td><code>namespace N { ... }</code></tr>
 * <tr><td><code>enum E { ... }</code><td><code>E</code><td><code>E</code><td><code>enum E { ... }</code></tr>
@@ -42,6 +43,8 @@ private predicate defn(ControlFlowNode def, Expr lhs, AST::ValueNode rhs) {
  exists(EnumMember member | def = member.getIdentifier() |
    lhs = def and rhs = member.getInitializer()
  )
+  or
+  lhs = def and def.(Parameter).getDefault() = rhs
 }

 /**
--- a/javascript/ql/src/semmle/javascript/RangeAnalysis.qll
+++ b/javascript/ql/src/semmle/javascript/RangeAnalysis.qll
@@ -104,7 +104,12 @@ module RangeAnalysis {
  pragma[noinline]
  private predicate hasUniquePredecessor(DataFlow::Node node) {
    isRelevant(node) and
-    strictcount(node.getAPredecessor()) = 1
+    strictcount(node.getAPredecessor()) = 1 and
+    // exclude parameters with default values
+    not exists (Parameter p |
+      DataFlow::parameterNode(p) = node and
+      exists(p.getDefault())
+    )
  }

  /**
--- a/javascript/ql/src/semmle/javascript/dataflow/internal/VariableTypeInference.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/internal/VariableTypeInference.qll
@@ -143,7 +143,7 @@ private class AnalyzedParameter extends AnalyzedVarDef, @vardecl {

  override DataFlow::AnalyzedNode getRhs() {
    getFunction().argumentPassing(this, result.asExpr()) or
-    result = this.(Parameter).getDefault().analyze()
+    result = AnalyzedVarDef.super.getRhs()
  }

  override AbstractValue getAnRhsValue() {