JS: Type track sqlite model

javascript/ql/src/semmle/javascript/frameworks/SQL.qll

@@ -224,10 +224,23 @@ private module Sqlite {
     result = sqlite().getAConstructorInvocation("Database")
   }
 
-  /** A call to a Sqlite query method. */
-  private class QueryCall extends DatabaseAccess, DataFlow::ValueNode {
-    override MethodCallExpr astNode;
+  /** Gets a data flow node referring to a Sqlite database instance. */
+  private DataFlow::SourceNode db(DataFlow::TypeTracker t) {
+    t.start() and
+    result = newDb()
+    or
+    exists(DataFlow::TypeTracker t2 |
+      result = db(t2).track(t2, t)
+    )
+  }
 
+  /** Gets a data flow node referring to a Sqlite database instance. */
+  DataFlow::SourceNode db() {
+    result = db(DataFlow::TypeTracker::end())
+  }
+
+  /** A call to a Sqlite query method. */
+  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
     QueryCall() {
       exists(string meth |
         meth = "all" or
@@ -237,12 +250,12 @@ private module Sqlite {
         meth = "prepare" or
         meth = "run"
       |
-        this = newDb().getAMethodCall(meth)
+        this = db().getAMethodCall(meth)
       )
     }
 
     override DataFlow::Node getAQueryArgument() {
-      result = DataFlow::valueNode(astNode.getArgument(0))
+      result = getArgument(0)
     }
   }
 

javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected

@@ -39,3 +39,4 @@
 | spanner.js:19:16:19:34 | { sql: "SQL code" } |
 | spanner.js:19:23:19:32 | "SQL code" |
 | sqlite.js:7:8:7:45 | "UPDATE ... id = ?" |
+| sqliteImport.js:2:8:2:44 | "UPDATE ... id = ?" |

javascript/ql/test/library-tests/frameworks/SQL/sqlite.js

@@ -5,3 +5,5 @@ var sqlite = require('sqlite3');
 
 var db = new sqlite.Database(":memory:");
 db.run("UPDATE tbl SET name = ? WHERE id = ?", "bar", 2);
+
+exports.db = db;

javascript/ql/test/library-tests/frameworks/SQL/sqliteImport.js

@@ -0,0 +1,2 @@
+const { db } = require('./sqlite');
+db.run("UPDATE foo SET bar = ? WHERE id = ?", "bar", 2);