Merge pull request #19769 from trailofbits/VF/Nest-improvements

Improve NestJS sources and dependency injection

javascript/ql/test/library-tests/frameworks/Nest/global/app.module.ts

@@ -1,12 +1,27 @@
 import { Module } from '@nestjs/common';
 import { Controller } from './validation';
-import { Foo } from './foo.interface';
-import { FooImpl } from './foo.impl';
+import { Imports } from './imports';
+import { Foo, Foo2, Foo3 } from './foo.interface';
+import { FooImpl, Foo2Impl, Foo3Impl } from './foo.impl';
+
+const foo3 = new Foo3Impl()
 
 @Module({
-    controllers: [Controller],
-    providers: [{
-        provide: Foo, useClass: FooImpl
-    }],
+  controllers: [Controller],
+  imports: [Imports.forRoot()],
+  providers: [
+    {
+      provide: Foo,
+      useClass: FooImpl
+    },
+    {
+      provide: Foo2,
+      useFactory: () => new Foo2Impl()
+    },
+    {
+      provide: Foo3,
+      useValue: foo3
+    }
+  ],
 })
 export class AppModule { }

javascript/ql/test/library-tests/frameworks/Nest/global/foo.impl.ts

@@ -1,7 +1,25 @@
-import { Foo } from "./foo.interface";
+import { Foo, Foo2, Foo3, Foo4 } from "./foo.interface";
 
 export class FooImpl extends Foo {
     fooMethod(x: string) {
         sink(x); // $ hasValueFlow=x
     }
 }
+
+export class Foo2Impl extends Foo2 {
+    fooMethod(x: string) {
+        sink(x); // $ hasValueFlow=x
+    }
+}
+
+export class Foo3Impl extends Foo3 {
+    fooMethod(x: string) {
+        sink(x); // $ hasValueFlow=x
+    }
+}
+
+export class Foo4Impl extends Foo4 {
+    fooMethod(x: string) {
+        sink(x); // $ hasValueFlow=x
+    }
+}

javascript/ql/test/library-tests/frameworks/Nest/global/foo.interface.ts

@@ -1,3 +1,15 @@
 export abstract class Foo {
     abstract fooMethod(x: string): void;
 }
+
+export abstract class Foo2 {
+    abstract fooMethod(x: string): void;
+}
+
+export abstract class Foo3 {
+    abstract fooMethod(x: string): void;
+}
+
+export abstract class Foo4 {
+    abstract fooMethod(x: string): void;
+}

javascript/ql/test/library-tests/frameworks/Nest/global/imports.ts

@@ -0,0 +1,16 @@
+import { DynamicModule } from '@nestjs/common';
+import { Foo4Impl } from './foo.impl';
+import { Foo4 } from './foo.interface';
+
+export class Imports {
+  static forRoot(): DynamicModule {
+    return {
+      providers: [
+        {
+          provide: Foo4,
+          useClass: Foo4Impl,
+        },
+      ],
+    };
+  }
+}

javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts

@@ -1,10 +1,10 @@
 import { Get, Query } from '@nestjs/common';
 import { IsIn } from 'class-validator';
-import { Foo } from './foo.interface';
+import { Foo, Foo2, Foo3, Foo4 } from './foo.interface';
 
 export class Controller {
   constructor(
-    private readonly foo: Foo
+    private readonly foo: Foo, private readonly foo2: Foo2, private readonly foo3: Foo3, private readonly foo4: Foo4
   ) { }
 
   @Get()
@@ -16,6 +16,9 @@ export class Controller {
   @Get()
   route2(@Query('x') x: string) {
     this.foo.fooMethod(x);
+    this.foo2.fooMethod(x);
+    this.foo3.fooMethod(x);
+    this.foo4.fooMethod(x);
   }
 }
 

javascript/ql/test/library-tests/frameworks/Nest/local/middleware.ts

@@ -0,0 +1,12 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { Response, NextFunction } from 'express';
+import { CustomRequest } from '@randomPackage/request';
+
+@Injectable()
+export class LoggerMiddleware implements NestMiddleware {
+  // The request can be a custom type that extends the express Request
+  use(req: CustomRequest, res: Response, next: NextFunction) {
+    console.log(req.query.abc);
+    next();
+  }
+}

javascript/ql/test/library-tests/frameworks/Nest/test.expected

@@ -1,7 +1,7 @@
 testFailures
 routeHandler
 | global/validation.ts:11:3:14:3 | route1( ...  OK\\n  } |
-| global/validation.ts:17:3:19:3 | route2( ... x);\\n  } |
+| global/validation.ts:17:3:22:3 | route2( ... x);\\n  } |
 | local/customDecorator.ts:18:3:20:3 | sneaky( ...  OK\\n  } |
 | local/customDecorator.ts:23:3:25:3 | safe(@S ...  OK\\n  } |
 | local/customPipe.ts:20:5:22:5 | sanitiz ... K\\n    } |
@@ -10,6 +10,7 @@ routeHandler
 | local/customPipe.ts:36:5:38:5 | propaga ... K\\n    } |
 | local/customPipe.ts:41:5:43:5 | propaga ... K\\n    } |
 | local/customPipe.ts:47:5:49:5 | propaga ... K\\n    } |
+| local/middleware.ts:8:3:11:3 | use(req ... ();\\n  } |
 | local/routes.ts:6:3:8:3 | getFoo( ... o';\\n  } |
 | local/routes.ts:11:3:13:3 | postFoo ... o';\\n  } |
 | local/routes.ts:16:3:18:3 | getRoot ... o';\\n  } |
@@ -29,9 +30,11 @@ routeHandler
 | local/validation.ts:42:3:45:3 | route6( ...  OK\\n  } |
 requestSource
 | local/customDecorator.ts:5:21:5:51 | ctx.swi ... quest() |
+| local/middleware.ts:8:7:8:9 | req |
 | local/routes.ts:30:12:30:14 | req |
 | local/routes.ts:61:23:61:25 | req |
 responseSource
+| local/middleware.ts:8:27:8:29 | res |
 | local/routes.ts:61:35:61:37 | res |
 | local/routes.ts:62:5:62:25 | res.sen ... uery.x) |
 requestInputAccess
@@ -44,6 +47,7 @@ requestInputAccess
 | parameter | local/customDecorator.ts:6:12:6:41 | request ... ryParam |
 | parameter | local/customPipe.ts:5:15:5:19 | value |
 | parameter | local/customPipe.ts:13:15:13:19 | value |
+| parameter | local/middleware.ts:9:17:9:29 | req.query.abc |
 | parameter | local/routes.ts:27:17:27:17 | x |
 | parameter | local/routes.ts:28:14:28:21 | queryObj |
 | parameter | local/routes.ts:29:20:29:23 | name |