JS: Port step for dynamic imports

2026-04-24 00:05:14 +02:00 · 2024-08-20 15:05:00 +02:00
parent 379952febc
commit 7cfe3dae85
3 changed files with 40 additions and 1 deletions
--- a/javascript/ql/lib/semmle/javascript/Promises.qll
+++ b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -705,7 +705,6 @@ private module DynamicImportSteps {
   */
  class DynamicImportStep extends LegacyPreCallGraphStep {
    override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
-      // TODO: this step needs to be ported to dataflow2
      exists(DynamicImportExpr imprt |
        pred = imprt.getImportedModule().getAnExportedValue("default") and
        succ = imprt.flow() and
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -9,3 +9,4 @@ private import Maps
 private import Promises
 private import Sets
 private import Strings
+private import DynamicImportStep
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll
@@ -0,0 +1,39 @@
+/**
+ * Contains flow steps to model flow from a module into a dynamic `import()` expression.
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.DataFlowNode
+private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
+private import semmle.javascript.dataflow.internal.DataFlowPrivate
+
+/**
+ * Flow steps for dynamic import expressions.
+ *
+ * The default export of the imported module must be boxed in a promise, so we pass
+ * it through a synthetic node.
+ */
+class DynamicImportStep extends AdditionalFlowInternal {
+  override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) {
+    node instanceof DynamicImportExpr and
+    tag = "imported-value" and
+    container.asSourceCallable() = node.getContainer()
+  }
+
+  override predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(DynamicImportExpr expr |
+      pred = expr.getImportedModule().getAnExportedValue("default") and
+      succ = getSynthesizedNode(expr, "imported-value")
+    )
+  }
+
+  override predicate storeStep(
+    DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ
+  ) {
+    exists(DynamicImportExpr expr |
+      pred = getSynthesizedNode(expr, "imported-value") and
+      contents = DataFlow::ContentSet::promiseValue() and
+      succ = TValueNode(expr)
+    )
+  }
+}