add support for typed NextJS route-handlers

javascript/ql/lib/semmle/javascript/frameworks/Next.qll

@@ -158,13 +158,37 @@ module NextJS {
     NextHttpRouteHandler() { this = getServerSidePropsFunction(_) or this = getInitialProps(_) }
   }
 
+  /**
+   * A function that handles both a request and response from Next.js, seen as a routehandler.
+   */
+  class NextReqResHandler extends HTTP::Servers::StandardRouteHandler, DataFlow::FunctionNode {
+    DataFlow::ParameterNode req;
+    DataFlow::ParameterNode res;
+
+    NextReqResHandler() {
+      res = this.getAParameter() and
+      req = this.getAParameter() and
+      req.hasUnderlyingType("next", "NextApiRequest") and
+      res.hasUnderlyingType("next", "NextApiResponse")
+    }
+
+    /** Gets the request parameter */
+    DataFlow::ParameterNode getRequest() { result = req }
+
+    /** Gets the response parameter */
+    DataFlow::ParameterNode getResponse() { result = res }
+  }
+
   /**
    * A NodeJS HTTP request object in a Next.js page.
    */
   class NextHttpRequestSource extends NodeJSLib::RequestSource {
-    NextHttpRouteHandler rh;
+    HTTP::RouteHandler rh;
 
-    NextHttpRequestSource() { this = rh.getParameter(0).getAPropertyRead("req") }
+    NextHttpRequestSource() {
+      this = rh.(NextHttpRouteHandler).getParameter(0).getAPropertyRead("req") or
+      this = rh.(NextReqResHandler).getRequest()
+    }
 
     override HTTP::RouteHandler getRouteHandler() { result = rh }
   }
@@ -173,9 +197,12 @@ module NextJS {
    * A NodeJS HTTP response object in a Next.js page.
    */
   class NextHttpResponseSource extends NodeJSLib::ResponseSource {
-    NextHttpRouteHandler rh;
+    HTTP::RouteHandler rh;
 
-    NextHttpResponseSource() { this = rh.getParameter(0).getAPropertyRead("res") }
+    NextHttpResponseSource() {
+      this = rh.(NextHttpRouteHandler).getParameter(0).getAPropertyRead("res") or
+      this = rh.(NextReqResHandler).getResponse()
+    }
 
     override HTTP::RouteHandler getRouteHandler() { result = rh }
   }
@@ -204,9 +231,9 @@ module NextJS {
     }
 
     override Parameter getRouteHandlerParameter(string kind) {
-      kind = "request" and result = getFunction().getParameter(0)
+      kind = "request" and result = this.getFunction().getParameter(0)
       or
-      kind = "response" and result = getFunction().getParameter(1)
+      kind = "response" and result = this.getFunction().getParameter(1)
     }
   }
 

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -168,9 +168,9 @@ module NodeJSLib {
     string kind;
 
     RequestInputAccess() {
-      // `req.url`
-      kind = "url" and
-      this.asExpr().(PropAccess).accesses(request, "url")
+      // `req.url` / `req.body`
+      kind = ["url", "body"] and
+      this.asExpr().(PropAccess).accesses(request, kind)
       or
       exists(PropAccess headers |
         // `req.headers.cookie`