JS: Simplify HTML element access

2026-04-29 10:45:15 +02:00 · 2020-12-14 14:10:28 +00:00
parent f24af58a60
commit 898d22d2f4
2 changed files with 36 additions and 34 deletions
--- a/javascript/ql/src/semmle/javascript/HTML.qll
+++ b/javascript/ql/src/semmle/javascript/HTML.qll
@@ -10,6 +10,29 @@ module HTML {
    HtmlFile() { getFileType().isHtml() }
  }

+  /**
+   * A file that may contain HTML elements.
+   *
+   * This is either an `.html` file or a source code file containing
+   * embedded HTML snippets.
+   */
+  private class FileContainingHtml extends File {
+    FileContainingHtml() {
+      getFileType().isHtml()
+      or
+      // The file contains an expression containing an HTML element
+      exists(Expr e |
+        e.getFile() = this and
+        xml_element_parent_expression(_, e, _)
+      )
+    }
+  }
+
+  /** Gets `i`th root node of the HTML fragment embedded in the given expression, if any. */
+  Element getHtmlElementFromExpr(Expr e, int i) {
+    xml_element_parent_expression(result, e, i)
+  }
+
  /**
   * An HTML element.
   *
@@ -20,7 +43,7 @@ module HTML {
   * ```
   */
  class Element extends Locatable, @xmlelement {
-    Element() { exists(HtmlFile f | xmlElements(this, _, _, _, f)) }
+    Element() { exists(FileContainingHtml f | xmlElements(this, _, _, _, f)) }

    override Location getLocation() { xmllocations(this, result) }

@@ -84,13 +107,6 @@ module HTML {
    override string getAPrimaryQlClass() { result = "HTML::Element" }
  }

-  /**
-   * Gets the inline script of the given attribute, if any.
-   */
-  CodeInAttribute getCodeInAttribute(XMLAttribute attribute) {
-    toplevel_parent_xml_node(result, attribute)
-  }
-
  /**
   * An attribute of an HTML element.
   *
@@ -104,7 +120,7 @@ module HTML {
   * ```
   */
  class Attribute extends Locatable, @xmlattribute {
-    Attribute() { exists(HtmlFile f | xmlAttrs(this, _, _, _, _, f)) }
+    Attribute() { exists(FileContainingHtml f | xmlAttrs(this, _, _, _, _, f)) }

    override Location getLocation() { xmllocations(this, result) }

@@ -112,7 +128,7 @@ module HTML {
     * Gets the inline script of this attribute, if any.
     */
    CodeInAttribute getCodeInAttribute() {
-      result = getCodeInAttribute(this)
+      toplevel_parent_xml_node(result, this)
    }

    /**
@@ -264,7 +280,7 @@ module HTML {
   * Note that instances of this class are only available if extraction is done with `--html all` or `--experimental`.
   */
  class TextNode extends Locatable, @xmlcharacters {
-    TextNode() { exists(HtmlFile f | xmlChars(this, _, _, _, _, f)) }
+    TextNode() { exists(FileContainingHtml f | xmlChars(this, _, _, _, _, f)) }

    override string toString() { result = getText() }

@@ -303,7 +319,7 @@ module HTML {
   * ```
   */
  class CommentNode extends Locatable, @xmlcomment {
-    CommentNode() { exists(HtmlFile f | xmlComments(this, _, _, f)) }
+    CommentNode() { exists(FileContainingHtml f | xmlComments(this, _, _, f)) }

    /** Gets the element in which this comment occurs. */
    Element getParent() { xmlComments(this, _, result, _) }
--- a/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
@@ -340,11 +340,6 @@ module Angular2 {
      result = getAttributeValueAsNode(getATemplateInstantiation().getAttributeByName("[" + name + "]"))
    }

-    /** Gets the `templateUrl` property of the `@Component` decorator. */
-    string getTemplateUrl() {
-      decorator.getOptionArgument(0, "templateUrl").mayHaveStringValue(result)
-    }
-
    /**
     * Gets the file referred to by `templateUrl`.
     *
@@ -355,30 +350,21 @@ module Angular2 {
      result = decorator.getOptionArgument(0, "templateUrl").asExpr().(PathExpr).resolve()
    }

-    pragma[noinline]
-    private Location getInlineTemplateLocation() {
-      result = decorator.getOptionArgument(0, "template").asExpr().getLocation()
-    }
-
-    private XMLAttribute getAnAttributeInInlineTemplate() {
-      exists(Location templateLoc, Location attribLoc |
-        templateLoc = getInlineTemplateLocation() and
-        attribLoc = result.getLocation() and
-        templateLoc.getFile() = attribLoc.getFile()
-        // TODO: check line/column - though in practice checking the file is enough
-      )
+    /** Gets an element in the HTML template of this component. */
+    HTML::Element getATemplateElement() {
+      result.getFile() = getTemplateFile()
+      or
+      result.getParent*() = HTML::getHtmlElementFromExpr(decorator.getOptionArgument(0, "template").asExpr(), _)
    }

    /**
     * Gets an access to the variable `name` in the template body.
     */
    DataFlow::Node getATemplateVarAccess(string name) {
-      exists(XMLAttribute attrib |
-        attrib.getLocation().getFile() = getTemplateFile() or
-        attrib = getAnAttributeInInlineTemplate()
-      |
+      exists(HTML::Attribute attrib |
+        attrib = getATemplateElement().getAnAttribute() and
        isAngularExpressionAttribute(attrib) and
-        result = getAGlobalVarAccessInAttribute(HTML::getCodeInAttribute(attrib), name).flow()
+        result = getAGlobalVarAccessInAttribute(attrib.getCodeInAttribute(), name).flow()
      )
    }
  }