From 5b261d88bb66bf4573c115b8f28b16bcb6039c21 Mon Sep 17 00:00:00 2001
From: Taus
Date: Fri, 15 Oct 2021 12:26:11 +0000
Subject: [PATCH] Support `super` with `instanceof`
---
 ql/src/codeql_ql/ast/Ast.qll | 5 +++++
 ql/src/codeql_ql/ast/internal/Predicate.qll | 5 +++--
 ql/src/codeql_ql/ast/internal/Type.qll | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ql/src/codeql_ql/ast/Ast.qll b/ql/src/codeql_ql/ast/Ast.qll
index 14cdb86764e..bb819b59a53 100644
--- a/ql/src/codeql_ql/ast/Ast.qll
+++ b/ql/src/codeql_ql/ast/Ast.qll
@@ -754,6 +754,11 @@ class Class extends TClass, TypeDeclaration, ModuleDeclaration {
 */
 TypeExpr getASuperType() { toQL(result) = cls.getExtends(_) }

+ /**
+ * Gets a type referenced in the `instanceof` part of the class declaration.
+ */
+ TypeExpr getAnInstanceofType() { toQL(result) = cls.getInstanceof(_) }
+
 /** Gets the type that this class is defined to be an alias of. */
 TypeExpr getAliasType() { toQL(result) = cls.getChild(_).(QL::TypeAliasBody).getChild() }

diff --git a/ql/src/codeql_ql/ast/internal/Predicate.qll b/ql/src/codeql_ql/ast/internal/Predicate.qll
index 31c91c7ae6d..5fc84f6f96d 100644
--- a/ql/src/codeql_ql/ast/internal/Predicate.qll
+++ b/ql/src/codeql_ql/ast/internal/Predicate.qll
@@ -79,10 +79,11 @@ private module Cached {
 )
 or
 // super calls
- exists(Super sup, ClassType type |
+ exists(Super sup, ClassType type, Type supertype |
 mc.getBase() = sup and
 sup.getEnclosingPredicate().(ClassPredicate).getParent().getType() = type and
- p = type.getASuperType().getClassPredicate(mc.getMemberName(), mc.getNumberOfArguments())
+ supertype in [type.getASuperType(), type.getAnInstanceofType()] and
+ p = supertype.getClassPredicate(mc.getMemberName(), mc.getNumberOfArguments())
 )
 }

diff --git a/ql/src/codeql_ql/ast/internal/Type.qll b/ql/src/codeql_ql/ast/internal/Type.qll
index 8449b08de4c..bfd84ea9208 100644
--- a/ql/src/codeql_ql/ast/internal/Type.qll
+++ b/ql/src/codeql_ql/ast/internal/Type.qll
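Review bot: The new `getAnInstanceofType()` in Ast.qll is only an accessor; nothing in this hunk registers the `instanceof` type expressions as children of the `Class` node. If `Class` lists its children in a separate predicate (for example a `getAChild` override, which would lie outside this hunk), `getASuperType` is presumably listed there and the new accessor should be added next to it. Otherwise these `TypeExpr` nodes may end up without a parent, and any resolution that walks up to the enclosing module could silently yield no result for them. The class body starts and ends outside the hunk, so this needs checking against the full file.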
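Review bot: The rewritten `super` disjunct in Predicate.qll binds `p` to every predicate with a matching name and arity in any `extends` or `instanceof` supertype, so a class whose supertypes both declare the member resolves one call to several targets. The existing comment should say whether that over-approximation is intended, for example `// super calls: the target may come from an extends supertype or an instanceof supertype`. The diffstat lists only three library files, so no test appears to pin the new resolution; a small case with a `super` call inside an `instanceof` class would catch regressions in call resolution. The enclosing predicate starts outside the hunk.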
@@ -94,6 +94,8 @@ class ClassType extends Type, TClass {

 override Type getASuperType() { result = decl.getASuperType().getResolvedType() }

+ Type getAnInstanceofType() { result = decl.getAnInstanceofType().getResolvedType() }
+
 override Type getAnInternalSuperType() {
 result.(ClassCharType).getClassType() = this
 or
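Review bot: `getAnInstanceofType()` is added to `ClassType` without a QLDoc comment, and unlike `getASuperType()` directly above it is not an `override`, so it is callable only on values typed `ClassType`. A one-line doc would make the distinction explicit, e.g. `/** Gets a type named in the instanceof clause of this class; such types are not returned by getASuperType(). */`. `getAnInternalSuperType()` begins right below and continues past the end of the hunk, so whether it should also account for `instanceof` types cannot be judged from here and is worth a look in the full file.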