Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master

Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved in favour of `master`.
2026-05-04 21:25:44 +02:00 · 2019-03-21 14:45:39 +00:00
parent fb499b02d5 313134cb8c
commit 8c460ae385
163 changed files with 2763 additions and 424 deletions
--- a/javascript/ql/test/library-tests/Functions/getAnUndefinedReturn.qll
+++ b/javascript/ql/test/library-tests/Functions/getAnUndefinedReturn.qll
@@ -0,0 +1,6 @@
+import javascript
+import semmle.javascript.CFG
+
+query predicate test_getAnUndefinedReturn(Function fun, ConcreteControlFlowNode final) {
+	final = fun.getAnUndefinedReturn()
+}
--- a/javascript/ql/test/library-tests/Functions/tests.expected
+++ b/javascript/ql/test/library-tests/Functions/tests.expected
@@ -12,6 +12,14 @@ test_getVariable
 | tst.js:11:1:11:35 | functio ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } |
 test_getScope
 | arrowfns.js:1:24:1:36 | s => s.length |
 | arrowfns.js:2:13:2:23 | () => ++cnt |
@@ -33,6 +41,17 @@ test_getScope
 | tst.js:11:1:11:35 | functio ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } |
+| undefinedreturns.js:11:20:11:32 | function () 1 |
+| undefinedreturns.js:12:29:12:35 | () => 1 |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } |
+| undefinedreturns.js:30:29:30:37 | () => { } |
 test_getParameter
 | arrowfns.js:1:24:1:36 | s => s.length | 0 | arrowfns.js:1:24:1:24 | s |
 | defaultargs.js:1:1:1:24 | functio ... +19) {} | 0 | defaultargs.js:1:12:1:12 | x |
@@ -52,6 +71,10 @@ test_ReturnedExpression
 | arrowfns.js:2:13:2:23 | () => ++cnt | arrowfns.js:2:19:2:23 | ++cnt |
 | exprclosures.js:1:7:1:21 | function(x) x+1 | exprclosures.js:1:19:1:21 | x+1 |
 | tst.js:14:1:14:37 | functio ... s[0]; } | tst.js:14:23:14:34 | arguments[0] |
+| undefinedreturns.js:11:20:11:32 | function () 1 | undefinedreturns.js:11:32:11:32 | 1 |
+| undefinedreturns.js:12:29:12:35 | () => 1 | undefinedreturns.js:12:35:12:35 | 1 |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | undefinedreturns.js:17:46:17:46 | 1 |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:49:29:49 | 1 |
 test_getDefaultArguments
 | defaultargs.js:1:15:1:15 | y | defaultargs.js:1:17:1:20 | x+19 |
 test_Function
@@ -75,6 +98,17 @@ test_Function
 | tst.js:11:1:11:35 | functio ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } |
+| undefinedreturns.js:11:20:11:32 | function () 1 |
+| undefinedreturns.js:12:29:12:35 | () => 1 |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } |
+| undefinedreturns.js:30:29:30:37 | () => { } |
 test_getBody
 | arrowfns.js:1:24:1:36 | s => s.length | arrowfns.js:1:29:1:36 | s.length |
 | arrowfns.js:2:13:2:23 | () => ++cnt | arrowfns.js:2:19:2:23 | ++cnt |
@@ -96,6 +130,17 @@ test_getBody
 | tst.js:11:1:11:35 | functio ... ts; } } | tst.js:11:14:11:35 | { { var ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } | tst.js:12:14:12:44 | { try { ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } | tst.js:14:14:14:37 | { retur ... s[0]; } |
+| undefinedreturns.js:11:20:11:32 | function () 1 | undefinedreturns.js:11:32:11:32 | 1 |
+| undefinedreturns.js:12:29:12:35 | () => 1 | undefinedreturns.js:12:35:12:35 | 1 |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } | undefinedreturns.js:13:26:13:28 | { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } | undefinedreturns.js:14:27:14:29 | { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } | undefinedreturns.js:15:29:15:40 | { throw 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } | undefinedreturns.js:16:30:16:41 | { yield 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | undefinedreturns.js:17:37:17:49 | { return 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } | undefinedreturns.js:27:28:27:30 | { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | undefinedreturns.js:28:38:28:48 | { return; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:28:29:54 | { if (t ...  1; } } |
+| undefinedreturns.js:30:29:30:37 | () => { } | undefinedreturns.js:30:35:30:37 | { } |
 test_getId
 | defaultargs.js:1:1:1:24 | functio ... +19) {} | defaultargs.js:1:10:1:10 | f | f |
 | generators.js:1:1:4:1 | functio ...  i++;\\n} | generators.js:1:11:1:13 | foo | foo |
@@ -110,6 +155,14 @@ test_getId
 | tst.js:11:1:11:35 | functio ... ts; } } | tst.js:11:10:11:10 | m | m |
 | tst.js:12:1:12:44 | functio ... s) {} } | tst.js:12:10:12:10 | n | n |
 | tst.js:14:1:14:37 | functio ... s[0]; } | tst.js:14:10:14:10 | p | p |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } | undefinedreturns.js:13:11:13:22 | generator_fn | generator_fn |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } | undefinedreturns.js:14:16:14:23 | async_fn | async_fn |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } | undefinedreturns.js:15:10:15:25 | fn_w_final_throw | fn_w_final_throw |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } | undefinedreturns.js:16:11:16:26 | fn_w_final_yield | fn_w_final_yield |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | undefinedreturns.js:17:10:17:33 | fn_w_fi ... _w_expr | fn_w_final_return_w_expr |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } | undefinedreturns.js:27:10:27:24 | fn_w_empty_body | fn_w_empty_body |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | undefinedreturns.js:28:10:28:34 | fn_w_fi ... wo_expr | fn_w_final_return_wo_expr |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:10:29:24 | fn_w_final_expr | fn_w_final_expr |
 test_hasRestParameter
 | restparms.js:1:1:2:1 | functio ... ys) {\\n} |
 test_getArgumentsVariable
@@ -130,6 +183,15 @@ test_getArgumentsVariable
 | tst.js:11:1:11:35 | functio ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } |
+| undefinedreturns.js:11:20:11:32 | function () 1 |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } |
 test_getBodyStmt
 | arrowfns.js:3:12:3:41 | () => { ... "); ; } | 0 | arrowfns.js:3:20:3:37 | alert("Wake up!"); |
 | arrowfns.js:3:12:3:41 | () => { ... "); ; } | 1 | arrowfns.js:3:39:3:39 | ; |
@@ -138,9 +200,16 @@ test_getBodyStmt
 | tst.js:11:1:11:35 | functio ... ts; } } | 0 | tst.js:11:16:11:33 | { var arguments; } |
 | tst.js:12:1:12:44 | functio ... s) {} } | 0 | tst.js:12:16:12:42 | try { } ... nts) {} |
 | tst.js:14:1:14:37 | functio ... s[0]; } | 0 | tst.js:14:16:14:35 | return arguments[0]; |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } | 0 | undefinedreturns.js:15:31:15:38 | throw 1; |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } | 0 | undefinedreturns.js:16:32:16:39 | yield 1; |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | 0 | undefinedreturns.js:17:39:17:47 | return 1; |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | 0 | undefinedreturns.js:28:40:28:46 | return; |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | 0 | undefinedreturns.js:29:30:29:52 | if (tes ... rn 1; } |
 test_isGenerator
 | generators.js:1:1:4:1 | functio ...  i++;\\n} |
 | generators.js:6:2:6:19 | function* bar() {} |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
 test_usesArgumentsObject
 | tst.js:14:1:14:37 | functio ... s[0]; } |
 test_getEnclosingStmt
@@ -164,7 +233,41 @@ test_getEnclosingStmt
 | tst.js:11:1:11:35 | functio ... ts; } } | tst.js:11:1:11:35 | functio ... ts; } } |
 | tst.js:12:1:12:44 | functio ... s) {} } | tst.js:12:1:12:44 | functio ... s) {} } |
 | tst.js:14:1:14:37 | functio ... s[0]; } | tst.js:14:1:14:37 | functio ... s[0]; } |
+| undefinedreturns.js:11:20:11:32 | function () 1 | undefinedreturns.js:11:1:11:33 | const f ... n () 1; |
+| undefinedreturns.js:12:29:12:35 | () => 1 | undefinedreturns.js:12:1:12:36 | const a ... ) => 1; |
+| undefinedreturns.js:13:1:13:28 | functio ... n() { } | undefinedreturns.js:13:1:13:28 | functio ... n() { } |
+| undefinedreturns.js:14:1:14:29 | async f ... n() { } | undefinedreturns.js:14:1:14:29 | async f ... n() { } |
+| undefinedreturns.js:15:1:15:40 | functio ... ow 1; } | undefinedreturns.js:15:1:15:40 | functio ... ow 1; } |
+| undefinedreturns.js:16:1:16:41 | functio ... ld 1; } | undefinedreturns.js:16:1:16:41 | functio ... ld 1; } |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | undefinedreturns.js:17:1:17:49 | functio ... rn 1; } |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } | undefinedreturns.js:27:1:27:30 | functio ... y() { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | undefinedreturns.js:28:1:28:48 | functio ... turn; } |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:1:29:54 | functio ...  1; } } |
+| undefinedreturns.js:30:29:30:37 | () => { } | undefinedreturns.js:30:1:30:38 | const a ... => { }; |
 test_isRestParameter
 | restparms.js:1:18:1:19 | ys |
 test_ReturnStmt
 | tst.js:14:1:14:37 | functio ... s[0]; } | tst.js:14:16:14:35 | return arguments[0]; |
+| undefinedreturns.js:17:1:17:49 | functio ... rn 1; } | undefinedreturns.js:17:39:17:47 | return 1; |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | undefinedreturns.js:28:40:28:46 | return; |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:42:29:50 | return 1; |
+test_getAnUndefinedReturn
+| arrowfns.js:3:12:3:41 | () => { ... "); ; } | arrowfns.js:3:39:3:39 | ; |
+| defaultargs.js:1:1:1:24 | functio ... +19) {} | defaultargs.js:1:23:1:24 | {} |
+| restparms.js:1:1:2:1 | functio ... ys) {\\n} | restparms.js:1:22:2:1 | {\\n} |
+| tst.js:1:1:1:15 | function A() {} | tst.js:1:14:1:15 | {} |
+| tst.js:2:1:2:16 | function B(x) {} | tst.js:2:15:2:16 | {} |
+| tst.js:3:1:3:19 | function C(x, y) {} | tst.js:3:18:3:19 | {} |
+| tst.js:4:9:4:21 | function() {} | tst.js:4:20:4:21 | {} |
+| tst.js:5:2:5:15 | function(x) {} | tst.js:5:14:5:15 | {} |
+| tst.js:6:2:6:18 | function(x, y) {} | tst.js:6:17:6:18 | {} |
+| tst.js:7:9:7:23 | function h() {} | tst.js:7:22:7:23 | {} |
+| tst.js:9:1:9:24 | functio ... nts) {} | tst.js:9:23:9:24 | {} |
+| tst.js:10:1:10:31 | functio ... ents; } | tst.js:10:20:10:28 | arguments |
+| tst.js:11:1:11:35 | functio ... ts; } } | tst.js:11:22:11:30 | arguments |
+| tst.js:12:1:12:44 | functio ... s) {} } | tst.js:12:20:12:22 | { } |
+| tst.js:12:1:12:44 | functio ... s) {} } | tst.js:12:41:12:42 | {} |
+| undefinedreturns.js:27:1:27:30 | functio ... y() { } | undefinedreturns.js:27:28:27:30 | { } |
+| undefinedreturns.js:28:1:28:48 | functio ... turn; } | undefinedreturns.js:28:40:28:46 | return; |
+| undefinedreturns.js:29:1:29:54 | functio ...  1; } } | undefinedreturns.js:29:34:29:37 | test |
+| undefinedreturns.js:30:29:30:37 | () => { } | undefinedreturns.js:30:35:30:37 | { } |
--- a/javascript/ql/test/library-tests/Functions/tests.ql
+++ b/javascript/ql/test/library-tests/Functions/tests.ql
@@ -14,3 +14,4 @@ import usesArgumentsObject
 import getEnclosingStmt
 import isRestParameter
 import ReturnStmt
+import getAnUndefinedReturn
--- a/javascript/ql/test/library-tests/Functions/undefinedreturns.js
+++ b/javascript/ql/test/library-tests/Functions/undefinedreturns.js
@@ -0,0 +1,30 @@
+//semmle-extractor-options: --experimental
+
+
+
+//////////////////
+//              //
+//  DON'T FIND  //
+//              //
+//////////////////
+
+const fn_closure = function () 1;
+const arrowfn_w_expr_body = () => 1;
+function* generator_fn() { }
+async function async_fn() { }
+function fn_w_final_throw() { throw 1; }
+function* fn_w_final_yield() { yield 1; }
+function fn_w_final_return_w_expr() { return 1; }
+
+
+
+////////////
+//        //
+//  FIND  //
+//        //
+////////////
+
+function fn_w_empty_body() { }
+function fn_w_final_return_wo_expr() { return; }
+function fn_w_final_expr() { if (test) { return 1; } }
+const arrowfn_w_blockbody = () => { };
--- a/javascript/ql/test/library-tests/frameworks/Base64/Base64.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/Base64.js
@@ -0,0 +1,6 @@
+var Base64 = require("Base64");
+
+function roundtrip(data) {
+  var encoded = Base64.btoa(data);
+  return Base64.atob(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/Buffer.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/Buffer.js
@@ -0,0 +1,9 @@
+function roundtrip(data) {
+  var encoded = Buffer.from(data, 'base64');
+  return encoded.toString('base64');
+}
+
+function roundtrip2(data) {
+  var encoded = Buffer.from(data, 'hex');
+  return encoded.toString('hex');
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/Decode.qll
+++ b/javascript/ql/test/library-tests/frameworks/Base64/Decode.qll
@@ -0,0 +1,10 @@
+import javascript
+
+query Base64::Decode test_Decode() {
+  any()
+}
+
+query predicate test_Decode_input_output(Base64::Decode decode, DataFlow::Node input, DataFlow::Node output) {
+  input = decode.getInput() and
+  output = decode.getOutput()
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/Encode.qll
+++ b/javascript/ql/test/library-tests/frameworks/Base64/Encode.qll
@@ -0,0 +1,10 @@
+import javascript
+
+query Base64::Encode test_Encode() {
+  any()
+}
+
+query predicate test_Encode_input_output(Base64::Encode encode, DataFlow::Node input, DataFlow::Node output) {
+  input = encode.getInput() and
+  output = encode.getOutput()
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/base-64.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/base-64.js
@@ -0,0 +1,6 @@
+var base64 = require('base-64');
+
+function roundtrip(data) {
+  var encoded = base64.encode(data);
+  return base64.decode(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/base64-js.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/base64-js.js
@@ -0,0 +1,6 @@
+var base64 = require('base64-js');
+
+function roundtrip(data) {
+  var encoded = base64.toByteArray(data);
+  return base64.fromByteArray(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/dom.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/dom.js
@@ -0,0 +1,4 @@
+function roundtrip(data) {
+  var encoded = btoa(data);
+  return atob(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/js-base64.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/js-base64.js
@@ -0,0 +1,11 @@
+var base64 = require('js-base64').Base64;
+
+function roundtrip1(data) {
+  var encoded = base64.encode(data);
+  return base64.decode(encoded);
+}
+
+function roundtrip2(data) {
+  var encoded = base64.encodeURI(data);
+  return base64.decode(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/js-base64b.js
+++ b/javascript/ql/test/library-tests/frameworks/Base64/js-base64b.js
@@ -0,0 +1,11 @@
+import { Base64 as base64 } from 'js-base64';
+
+function roundtrip1(data) {
+  var encoded = base64.encode(data);
+  return base64.decode(encoded);
+}
+
+function roundtrip2(data) {
+  var encoded = base64.encodeURI(data);
+  return base64.decode(encoded);
+}
--- a/javascript/ql/test/library-tests/frameworks/Base64/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Base64/tests.expected
@@ -0,0 +1,40 @@
+test_Encode
+| Base64.js:4:17:4:33 | Base64.btoa(data) |
+| Buffer.js:3:10:3:35 | encoded ... ase64') |
+| base64-js.js:4:17:4:40 | base64. ... y(data) |
+| base-64.js:4:17:4:35 | base64.encode(data) |
+| dom.js:2:17:2:26 | btoa(data) |
+| js-base64.js:4:17:4:35 | base64.encode(data) |
+| js-base64.js:9:17:9:38 | base64. ... I(data) |
+| js-base64b.js:4:17:4:35 | base64.encode(data) |
+| js-base64b.js:9:17:9:38 | base64. ... I(data) |
+test_Encode_input_output
+| Base64.js:4:17:4:33 | Base64.btoa(data) | Base64.js:4:29:4:32 | data | Base64.js:4:17:4:33 | Base64.btoa(data) |
+| Buffer.js:3:10:3:35 | encoded ... ase64') | Buffer.js:3:10:3:16 | encoded | Buffer.js:3:10:3:35 | encoded ... ase64') |
+| base64-js.js:4:17:4:40 | base64. ... y(data) | base64-js.js:4:36:4:39 | data | base64-js.js:4:17:4:40 | base64. ... y(data) |
+| base-64.js:4:17:4:35 | base64.encode(data) | base-64.js:4:31:4:34 | data | base-64.js:4:17:4:35 | base64.encode(data) |
+| dom.js:2:17:2:26 | btoa(data) | dom.js:2:22:2:25 | data | dom.js:2:17:2:26 | btoa(data) |
+| js-base64.js:4:17:4:35 | base64.encode(data) | js-base64.js:4:31:4:34 | data | js-base64.js:4:17:4:35 | base64.encode(data) |
+| js-base64.js:9:17:9:38 | base64. ... I(data) | js-base64.js:9:34:9:37 | data | js-base64.js:9:17:9:38 | base64. ... I(data) |
+| js-base64b.js:4:17:4:35 | base64.encode(data) | js-base64b.js:4:31:4:34 | data | js-base64b.js:4:17:4:35 | base64.encode(data) |
+| js-base64b.js:9:17:9:38 | base64. ... I(data) | js-base64b.js:9:34:9:37 | data | js-base64b.js:9:17:9:38 | base64. ... I(data) |
+test_Decode
+| Base64.js:5:10:5:29 | Base64.atob(encoded) |
+| Buffer.js:2:17:2:43 | Buffer. ... ase64') |
+| base64-js.js:5:10:5:38 | base64. ... ncoded) |
+| base-64.js:5:10:5:31 | base64. ... ncoded) |
+| dom.js:3:10:3:22 | atob(encoded) |
+| js-base64.js:5:10:5:31 | base64. ... ncoded) |
+| js-base64.js:10:10:10:31 | base64. ... ncoded) |
+| js-base64b.js:5:10:5:31 | base64. ... ncoded) |
+| js-base64b.js:10:10:10:31 | base64. ... ncoded) |
+test_Decode_input_output
+| Base64.js:5:10:5:29 | Base64.atob(encoded) | Base64.js:5:22:5:28 | encoded | Base64.js:5:10:5:29 | Base64.atob(encoded) |
+| Buffer.js:2:17:2:43 | Buffer. ... ase64') | Buffer.js:2:29:2:32 | data | Buffer.js:2:17:2:43 | Buffer. ... ase64') |
+| base64-js.js:5:10:5:38 | base64. ... ncoded) | base64-js.js:5:31:5:37 | encoded | base64-js.js:5:10:5:38 | base64. ... ncoded) |
+| base-64.js:5:10:5:31 | base64. ... ncoded) | base-64.js:5:24:5:30 | encoded | base-64.js:5:10:5:31 | base64. ... ncoded) |
+| dom.js:3:10:3:22 | atob(encoded) | dom.js:3:15:3:21 | encoded | dom.js:3:10:3:22 | atob(encoded) |
+| js-base64.js:5:10:5:31 | base64. ... ncoded) | js-base64.js:5:24:5:30 | encoded | js-base64.js:5:10:5:31 | base64. ... ncoded) |
+| js-base64.js:10:10:10:31 | base64. ... ncoded) | js-base64.js:10:24:10:30 | encoded | js-base64.js:10:10:10:31 | base64. ... ncoded) |
+| js-base64b.js:5:10:5:31 | base64. ... ncoded) | js-base64b.js:5:24:5:30 | encoded | js-base64b.js:5:10:5:31 | base64. ... ncoded) |
+| js-base64b.js:10:10:10:31 | base64. ... ncoded) | js-base64b.js:10:24:10:30 | encoded | js-base64b.js:10:10:10:31 | base64. ... ncoded) |
--- a/javascript/ql/test/library-tests/frameworks/Base64/tests.ql
+++ b/javascript/ql/test/library-tests/frameworks/Base64/tests.ql
@@ -0,0 +1,2 @@
+import Encode
+import Decode
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/AdditionalFlowStep.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/AdditionalFlowStep.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_AdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+  exists(DataFlow::AdditionalFlowStep step | step.step(pred, succ) | any())
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientReceiveNode(
+  SocketIOClient::ReceiveNode rn, SocketIOClient::SocketNode res
+) {
+  res = rn.getSocket()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getASender.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientReceiveNode_getASender(
+  SocketIOClient::ReceiveNode rn, SocketIO::SendNode res
+) {
+  res = rn.getASender()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAck.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAck.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientReceiveNode_getAck(
+  SocketIOClient::ReceiveNode rn, DataFlow::SourceNode res
+) {
+  res = rn.getAck()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getEventName.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getEventName.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ClientReceiveNode_getEventName(SocketIOClient::ReceiveNode rn, string res) {
+  res = rn.getEventName()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientReceiveNode_getReceivedItem(
+  SocketIOClient::ReceiveNode rn, int i, DataFlow::SourceNode res
+) {
+  res = rn.getReceivedItem(i)
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientSendNode(
+  SocketIOClient::SendNode sn, SocketIOClient::SocketNode res0, string res1
+) {
+  res0 = sn.getSocket() and res1 = sn.getNamespacePath()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAReceiver.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientSendNode_getAReceiver(
+  SocketIOClient::SendNode sn, SocketIO::ReceiveNode res
+) {
+  res = sn.getAReceiver()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAck.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getAck.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ClientSendNode_getAck(SocketIOClient::SendNode sn, DataFlow::FunctionNode res) {
+  res = sn.getAck()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getEventName.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getEventName.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ClientSendNode_getEventName(SocketIOClient::SendNode sn, string res) {
+  res = sn.getEventName()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getSentItem.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getSentItem.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ClientSendNode_getSentItem(
+  SocketIOClient::SendNode sn, int i, DataFlow::Node res
+) {
+  res = sn.getSentItem(i)
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSocketNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ClientSocketNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ClientSocketNode(SocketIOClient::SocketNode sn, string res) {
+  res = sn.getNamespacePath()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.expected
@@ -1,27 +0,0 @@
-| tst.js:25:10:25:19 | io.sockets |
-| tst.js:26:1:26:10 | io.of("/") |
-| tst.js:27:1:27:12 | ns.use(auth) |
-| tst.js:28:1:28:11 | ns.to(room) |
-| tst.js:29:1:29:11 | ns.in(room) |
-| tst.js:30:1:30:28 | ns.emit ... event') |
-| tst.js:31:1:31:20 | ns.send('a message') |
-| tst.js:32:1:32:21 | ns.writ ... ssage') |
-| tst.js:33:1:33:14 | ns.clients(cb) |
-| tst.js:34:1:34:17 | ns.compress(true) |
-| tst.js:35:1:35:16 | ns.binary(false) |
-| tst.js:36:1:36:12 | io.use(auth) |
-| tst.js:37:1:37:11 | io.to(room) |
-| tst.js:38:1:38:11 | io.in(room) |
-| tst.js:39:1:39:31 | io.emit ... ssage') |
-| tst.js:40:1:40:20 | io.send('a message') |
-| tst.js:41:1:41:21 | io.writ ... ssage') |
-| tst.js:42:1:42:14 | io.clients(cb) |
-| tst.js:43:1:43:17 | io.compress(true) |
-| tst.js:44:1:44:16 | io.binary(false) |
-| tst.js:45:1:45:7 | ns.json |
-| tst.js:46:1:46:11 | ns.volatile |
-| tst.js:47:1:47:8 | ns.local |
-| tst.js:50:1:66:2 | io.on(' ... cal;\\n}) |
-| tst.js:67:1:67:35 | io.on(' ...  => {}) |
-| tst.js:68:1:68:32 | ns.on(' ...  => {}) |
-| tst.js:69:1:73:2 | ns.on(' ... {});\\n}) |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::NamespaceNode ns
-select ns
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_NamespaceNode(SocketIO::NamespaceNode ns, SocketIO::NamespaceObject res) {
+  res = ns.getNamespace()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceObject.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/NamespaceObject.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_NamespaceObject(
+  SocketIO::NamespaceObject ns, SocketIO::ServerObject res0, string res1
+) {
+  res0 = ns.getServer() and res1 = ns.getPath()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.expected
@@ -1,3 +0,0 @@
-| tst.js:70:3:70:35 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
-| tst.js:72:3:72:43 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::ReceiveNode rn
-select rn, rn.getSocket()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ReceiveNode(SocketIO::ReceiveNode rn, SocketIO::SocketNode res) {
+  res = rn.getSocket()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.expected
@@ -1,3 +0,0 @@
-| tst.js:70:3:70:35 | socket. ...  => {}) | tst.js:70:25:70:27 | msg |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:71:27:71:31 | data1 |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:71:34:71:38 | data2 |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::ReceiveNode rn
-select rn, rn.getAReceivedItem()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getASender.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ReceiveNode_getASender(SocketIO::ReceiveNode rn, SocketIOClient::SendNode res) {
+  res = rn.getASender()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.expected
@@ -1,2 +0,0 @@
-| tst.js:70:3:70:35 | socket. ...  => {}) | message |
-| tst.js:71:3:71:46 | socket. ...  => {}) | message |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::ReceiveNode rn
-select rn, rn.getEventName()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getEventName.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ReceiveNode_getEventName(SocketIO::ReceiveNode rn, string res) {
+  res = rn.getEventName()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getReceivedItem.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getReceivedItem.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ReceiveNode_getReceivedItem(
+  SocketIO::ReceiveNode rn, int i, DataFlow::SourceNode res
+) {
+  res = rn.getReceivedItem(i)
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.expected
@@ -1,9 +0,0 @@
-| tst.js:30:1:30:28 | ns.emit ... event') |
-| tst.js:31:1:31:20 | ns.send('a message') |
-| tst.js:32:1:32:21 | ns.writ ... ssage') |
-| tst.js:39:1:39:31 | io.emit ... ssage') |
-| tst.js:40:1:40:20 | io.send('a message') |
-| tst.js:41:1:41:21 | io.writ ... ssage') |
-| tst.js:51:3:51:22 | socket.emit('event') |
-| tst.js:54:3:54:43 | socket. ...  => {}) |
-| tst.js:55:3:55:27 | socket. ... ssage') |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SendNode sn
-select sn
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SendNode(SocketIO::SendNode sn, SocketIO::NamespaceObject res) {
+  res = sn.getNamespace()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAReceiver.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SendNode_getAReceiver(SocketIO::SendNode sn, SocketIOClient::ReceiveNode res) {
+  res = sn.getAReceiver()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.expected
@@ -1,9 +0,0 @@
-| tst.js:30:1:30:28 | ns.emit ... event') | tst.js:30:18:30:27 | 'an event' |
-| tst.js:31:1:31:20 | ns.send('a message') | tst.js:31:9:31:19 | 'a message' |
-| tst.js:32:1:32:21 | ns.writ ... ssage') | tst.js:32:10:32:20 | 'a message' |
-| tst.js:39:1:39:31 | io.emit ... ssage') | tst.js:39:20:39:30 | 'a message' |
-| tst.js:40:1:40:20 | io.send('a message') | tst.js:40:9:40:19 | 'a message' |
-| tst.js:41:1:41:21 | io.writ ... ssage') | tst.js:41:10:41:20 | 'a message' |
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:15:54:17 | 'a' |
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:20:54:28 | 'message' |
-| tst.js:55:3:55:27 | socket. ... ssage') | tst.js:55:16:55:26 | 'a message' |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SendNode sn
-select sn, sn.getASentItem()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.expected
@@ -1 +0,0 @@
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:31:54:42 | (data) => {} |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SendNode sn
-select sn, sn.getAck()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getAck.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SendNode_getAck(SocketIO::SendNode sn, DataFlow::FunctionNode res) {
+  res = sn.getAck()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSentItem.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSentItem.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SendNode_getSentItem(SocketIO::SendNode sn, int i, DataFlow::Node res) {
+  res = sn.getSentItem(i)
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.expected
@@ -1,3 +0,0 @@
-| tst.js:51:3:51:22 | socket.emit('event') | tst.js:50:19:50:24 | socket |
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:50:19:50:24 | socket |
-| tst.js:55:3:55:27 | socket. ... ssage') | tst.js:50:19:50:24 | socket |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SendNode sn
-select sn, sn.getSocket()
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSocket.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SendNode_getSocket(SocketIO::SendNode sn, SocketIO::SocketNode res) {
+  res = sn.getSocket()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.expected
@@ -1,12 +0,0 @@
-| tst.js:1:12:1:33 | require ... .io')() |
-| tst.js:4:13:4:24 | new Server() |
-| tst.js:6:13:6:27 | Server.listen() |
-| tst.js:9:1:9:21 | io.serv ... (false) |
-| tst.js:10:1:10:21 | io.set( ... s', []) |
-| tst.js:11:1:11:21 | io.path ... npath') |
-| tst.js:12:1:12:15 | io.adapter(foo) |
-| tst.js:13:1:13:14 | io.origins([]) |
-| tst.js:14:1:14:15 | io.listen(http) |
-| tst.js:15:1:15:15 | io.attach(http) |
-| tst.js:16:1:16:15 | io.bind(engine) |
-| tst.js:17:1:17:23 | io.onco ... socket) |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::ServerNode srv
-select srv
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ServerNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_ServerNode(SocketIO::ServerNode srv, SocketIO::ServerObject res) {
+  res = srv.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/ServerObject.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/ServerObject.qll
@@ -0,0 +1,7 @@
+import javascript
+
+query predicate test_ServerObject(
+  SocketIO::ServerObject srv, DataFlow::SourceNode res0, SocketIO::NamespaceObject res1
+) {
+  res0 = srv.getOrigin() and res1 = srv.getDefaultNamespace()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.expected
@@ -1,21 +0,0 @@
-| tst.js:50:19:50:24 | socket |
-| tst.js:51:3:51:22 | socket.emit('event') |
-| tst.js:52:3:52:17 | socket.to(room) |
-| tst.js:53:3:53:17 | socket.in(room) |
-| tst.js:54:3:54:43 | socket. ...  => {}) |
-| tst.js:55:3:55:27 | socket. ... ssage') |
-| tst.js:56:3:56:19 | socket.join(room) |
-| tst.js:57:3:57:20 | socket.leave(room) |
-| tst.js:58:3:58:16 | socket.use(cb) |
-| tst.js:59:3:59:23 | socket. ... s(true) |
-| tst.js:60:3:60:22 | socket.binary(false) |
-| tst.js:61:3:61:25 | socket. ... t(true) |
-| tst.js:62:3:62:13 | socket.json |
-| tst.js:63:3:63:17 | socket.volatile |
-| tst.js:64:3:64:18 | socket.broadcast |
-| tst.js:65:3:65:14 | socket.local |
-| tst.js:67:22:67:27 | socket |
-| tst.js:68:19:68:24 | socket |
-| tst.js:69:22:69:27 | socket |
-| tst.js:70:3:70:35 | socket. ...  => {}) |
-| tst.js:71:3:71:46 | socket. ...  => {}) |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.ql
@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SocketNode sn
-select sn
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.qll
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/SocketNode.qll
@@ -0,0 +1,5 @@
+import javascript
+
+query predicate test_SocketNode(SocketIO::SocketNode sn, SocketIO::NamespaceObject res) {
+  res = sn.getNamespace()
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/client1.js
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/client1.js
@@ -0,0 +1,2 @@
+io(); 
+io.connect("/messages");
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/client2.js
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/client2.js
@@ -0,0 +1,20 @@
+var sock = require("socket.io-client")("ws://localhost");
+var sock2 = require("socket.io-client").connect("http://example.com/foo/bar?q=v#abc");
+
+sock.on('message', (x, y) => {
+  console.log(x, y);
+})
+
+sock.on(eventName(), (msg) => {});
+
+sock.on('event', (x, cb) => {
+  cb("received");
+});
+
+sock.emit('data', "hi", "there");
+
+sock.write("do you copy?", () => {});
+
+sock2.on('message', (x) => {
+  console.log(x);
+});
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/client3.js
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/client3.js
@@ -0,0 +1,3 @@
+import io from "socket.io-client";
+
+io();
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/package.json
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/package.json
@@ -0,0 +1,3 @@
+{
+  "name": "socket.io-tests"
+}
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/tests.expected
@@ -0,0 +1,211 @@
+test_ClientReceiveNode_getEventName
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | message |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | event |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | message |
+test_NamespaceNode
+| tst.js:25:10:25:19 | io.sockets | socket.io namespace with path '/' |
+| tst.js:26:11:26:27 | io.of("/foo/bar") | socket.io namespace with path '/foo/bar' |
+| tst.js:27:1:27:12 | ns.use(auth) | socket.io namespace with path '/' |
+| tst.js:28:1:28:11 | ns.to(room) | socket.io namespace with path '/' |
+| tst.js:29:1:29:11 | ns.in(room) | socket.io namespace with path '/' |
+| tst.js:30:1:30:28 | ns.emit ... event') | socket.io namespace with path '/' |
+| tst.js:31:1:31:20 | ns.send('a message') | socket.io namespace with path '/' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo/bar' |
+| tst.js:33:1:33:14 | ns.clients(cb) | socket.io namespace with path '/' |
+| tst.js:34:1:34:17 | ns.compress(true) | socket.io namespace with path '/' |
+| tst.js:35:1:35:16 | ns.binary(false) | socket.io namespace with path '/' |
+| tst.js:36:1:36:12 | io.use(auth) | socket.io namespace with path '/' |
+| tst.js:37:1:37:11 | io.to(room) | socket.io namespace with path '/' |
+| tst.js:38:1:38:11 | io.in(room) | socket.io namespace with path '/' |
+| tst.js:39:1:39:31 | io.emit ... ssage') | socket.io namespace with path '/' |
+| tst.js:40:1:40:20 | io.send('a message') | socket.io namespace with path '/' |
+| tst.js:41:1:41:21 | io.writ ... ssage') | socket.io namespace with path '/' |
+| tst.js:42:1:42:14 | io.clients(cb) | socket.io namespace with path '/' |
+| tst.js:43:1:43:17 | io.compress(true) | socket.io namespace with path '/' |
+| tst.js:44:1:44:16 | io.binary(false) | socket.io namespace with path '/' |
+| tst.js:45:1:45:7 | ns.json | socket.io namespace with path '/' |
+| tst.js:46:1:46:11 | ns.volatile | socket.io namespace with path '/' |
+| tst.js:47:1:47:8 | ns.local | socket.io namespace with path '/' |
+| tst.js:50:1:66:2 | io.on(' ... cal;\\n}) | socket.io namespace with path '/' |
+| tst.js:67:1:67:35 | io.on(' ...  => {}) | socket.io namespace with path '/' |
+| tst.js:68:1:68:32 | ns.on(' ...  => {}) | socket.io namespace with path '/' |
+| tst.js:69:1:73:2 | ns.on(' ... {});\\n}) | socket.io namespace with path '/' |
+test_ClientReceiveNode_getASender
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:31:1:31:20 | ns.send('a message') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:39:1:39:31 | io.emit ... ssage') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:40:1:40:20 | io.send('a message') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:41:1:41:21 | io.writ ... ssage') |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:54:3:54:43 | socket. ...  => {}) |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:30:1:30:28 | ns.emit ... event') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:31:1:31:20 | ns.send('a message') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:39:1:39:31 | io.emit ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:40:1:40:20 | io.send('a message') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:41:1:41:21 | io.writ ... ssage') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:51:3:51:22 | socket.emit('event') |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:54:3:54:43 | socket. ...  => {}) |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | tst.js:55:3:55:27 | socket. ... ssage') |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:30:1:30:28 | ns.emit ... event') |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | tst.js:51:3:51:22 | socket.emit('event') |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | tst.js:32:1:32:22 | ns2.wri ... ssage') |
+test_ReceiveNode
+| tst.js:70:3:70:35 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
+| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
+| tst.js:72:3:72:43 | socket. ...  => {}) | tst.js:69:22:69:27 | socket |
+test_SendNode_getSentItem
+| tst.js:30:1:30:28 | ns.emit ... event') | 0 | tst.js:30:18:30:27 | 'an event' |
+| tst.js:31:1:31:20 | ns.send('a message') | 0 | tst.js:31:9:31:19 | 'a message' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | 0 | tst.js:32:11:32:21 | 'a message' |
+| tst.js:39:1:39:31 | io.emit ... ssage') | 0 | tst.js:39:20:39:30 | 'a message' |
+| tst.js:40:1:40:20 | io.send('a message') | 0 | tst.js:40:9:40:19 | 'a message' |
+| tst.js:41:1:41:21 | io.writ ... ssage') | 0 | tst.js:41:10:41:20 | 'a message' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | 0 | tst.js:54:15:54:17 | 'a' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | 1 | tst.js:54:20:54:28 | 'message' |
+| tst.js:55:3:55:27 | socket. ... ssage') | 0 | tst.js:55:16:55:26 | 'a message' |
+test_AdditionalFlowStep
+| client2.js:16:12:16:25 | "do you copy?" | tst.js:70:25:70:27 | msg |
+| client2.js:16:12:16:25 | "do you copy?" | tst.js:71:27:71:31 | data1 |
+| client3.js:1:8:1:9 | io | client3.js:1:8:1:9 | io |
+| tst.js:30:18:30:27 | 'an event' | client2.js:8:23:8:25 | msg |
+| tst.js:30:18:30:27 | 'an event' | client2.js:10:19:10:19 | x |
+| tst.js:31:9:31:19 | 'a message' | client2.js:4:21:4:21 | x |
+| tst.js:31:9:31:19 | 'a message' | client2.js:8:23:8:25 | msg |
+| tst.js:32:11:32:21 | 'a message' | client2.js:18:22:18:22 | x |
+| tst.js:39:20:39:30 | 'a message' | client2.js:4:21:4:21 | x |
+| tst.js:39:20:39:30 | 'a message' | client2.js:8:23:8:25 | msg |
+| tst.js:40:9:40:19 | 'a message' | client2.js:4:21:4:21 | x |
+| tst.js:40:9:40:19 | 'a message' | client2.js:8:23:8:25 | msg |
+| tst.js:41:10:41:20 | 'a message' | client2.js:4:21:4:21 | x |
+| tst.js:41:10:41:20 | 'a message' | client2.js:8:23:8:25 | msg |
+| tst.js:54:15:54:17 | 'a' | client2.js:4:21:4:21 | x |
+| tst.js:54:15:54:17 | 'a' | client2.js:8:23:8:25 | msg |
+| tst.js:54:20:54:28 | 'message' | client2.js:4:24:4:24 | y |
+| tst.js:55:16:55:26 | 'a message' | client2.js:4:21:4:21 | x |
+| tst.js:55:16:55:26 | 'a message' | client2.js:8:23:8:25 | msg |
+test_ClientSendNode_getAck
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | client2.js:16:28:16:35 | () => {} |
+test_SocketNode
+| tst.js:50:19:50:24 | socket | socket.io namespace with path '/' |
+| tst.js:51:3:51:22 | socket.emit('event') | socket.io namespace with path '/' |
+| tst.js:52:3:52:17 | socket.to(room) | socket.io namespace with path '/' |
+| tst.js:53:3:53:17 | socket.in(room) | socket.io namespace with path '/' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:55:3:55:27 | socket. ... ssage') | socket.io namespace with path '/' |
+| tst.js:56:3:56:19 | socket.join(room) | socket.io namespace with path '/' |
+| tst.js:57:3:57:20 | socket.leave(room) | socket.io namespace with path '/' |
+| tst.js:58:3:58:16 | socket.use(cb) | socket.io namespace with path '/' |
+| tst.js:59:3:59:23 | socket. ... s(true) | socket.io namespace with path '/' |
+| tst.js:60:3:60:22 | socket.binary(false) | socket.io namespace with path '/' |
+| tst.js:61:3:61:25 | socket. ... t(true) | socket.io namespace with path '/' |
+| tst.js:62:3:62:13 | socket.json | socket.io namespace with path '/' |
+| tst.js:63:3:63:17 | socket.volatile | socket.io namespace with path '/' |
+| tst.js:64:3:64:18 | socket.broadcast | socket.io namespace with path '/' |
+| tst.js:65:3:65:14 | socket.local | socket.io namespace with path '/' |
+| tst.js:67:22:67:27 | socket | socket.io namespace with path '/' |
+| tst.js:68:19:68:24 | socket | socket.io namespace with path '/' |
+| tst.js:69:22:69:27 | socket | socket.io namespace with path '/' |
+| tst.js:70:3:70:35 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:71:3:71:46 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:72:3:72:43 | socket. ...  => {}) | socket.io namespace with path '/' |
+test_ClientSendNode_getEventName
+| client2.js:14:1:14:32 | sock.em ... there") | data |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | message |
+test_ClientSendNode_getSentItem
+| client2.js:14:1:14:32 | sock.em ... there") | 0 | client2.js:14:19:14:22 | "hi" |
+| client2.js:14:1:14:32 | sock.em ... there") | 1 | client2.js:14:25:14:31 | "there" |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | 0 | client2.js:16:12:16:25 | "do you copy?" |
+test_ReceiveNode_getEventName
+| tst.js:70:3:70:35 | socket. ...  => {}) | message |
+| tst.js:71:3:71:46 | socket. ...  => {}) | message |
+test_ClientSocketNode
+| client1.js:1:1:1:4 | io() | / |
+| client1.js:2:1:2:23 | io.conn ... sages") | /messages |
+| client2.js:1:12:1:56 | require ... lhost") | / |
+| client2.js:2:13:2:85 | require ... v#abc") | /foo/bar |
+| client3.js:3:1:3:4 | io() | / |
+test_ReceiveNode_getASender
+| tst.js:70:3:70:35 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:71:3:71:46 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:14:1:14:32 | sock.em ... there") |
+| tst.js:72:3:72:43 | socket. ...  => {}) | client2.js:16:1:16:36 | sock.wr ...  => {}) |
+test_ReceiveNode_getReceivedItem
+| tst.js:70:3:70:35 | socket. ...  => {}) | 0 | tst.js:70:25:70:27 | msg |
+| tst.js:71:3:71:46 | socket. ...  => {}) | 0 | tst.js:71:27:71:31 | data1 |
+| tst.js:71:3:71:46 | socket. ...  => {}) | 1 | tst.js:71:34:71:38 | data2 |
+test_SendNode_getSocket
+| tst.js:51:3:51:22 | socket.emit('event') | tst.js:50:19:50:24 | socket |
+| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:50:19:50:24 | socket |
+| tst.js:55:3:55:27 | socket. ... ssage') | tst.js:50:19:50:24 | socket |
+test_ServerNode
+| tst.js:1:12:1:33 | require ... .io')() | tst.js:1:12:1:33 | socket.io server |
+| tst.js:4:13:4:24 | new Server() | tst.js:4:13:4:24 | socket.io server |
+| tst.js:6:13:6:27 | Server.listen() | tst.js:6:13:6:27 | socket.io server |
+| tst.js:9:1:9:21 | io.serv ... (false) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:10:1:10:21 | io.set( ... s', []) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:11:1:11:21 | io.path ... npath') | tst.js:1:12:1:33 | socket.io server |
+| tst.js:12:1:12:15 | io.adapter(foo) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:13:1:13:14 | io.origins([]) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:14:1:14:15 | io.listen(http) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:15:1:15:15 | io.attach(http) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:16:1:16:15 | io.bind(engine) | tst.js:1:12:1:33 | socket.io server |
+| tst.js:17:1:17:23 | io.onco ... socket) | tst.js:1:12:1:33 | socket.io server |
+test_ClientSendNode_getAReceiver
+| client2.js:14:1:14:32 | sock.em ... there") | tst.js:72:3:72:43 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:70:3:70:35 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:71:3:71:46 | socket. ...  => {}) |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | tst.js:72:3:72:43 | socket. ...  => {}) |
+test_ClientReceiveNode_getAck
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:10:22:10:23 | cb |
+test_ClientReceiveNode_getReceivedItem
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 0 | client2.js:4:21:4:21 | x |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 1 | client2.js:4:24:4:24 | y |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | 0 | client2.js:8:23:8:25 | msg |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | 0 | client2.js:10:19:10:19 | x |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | 0 | client2.js:18:22:18:22 | x |
+test_NamespaceObject
+| socket.io namespace with path '/' | tst.js:1:12:1:33 | socket.io server | / |
+| socket.io namespace with path '/' | tst.js:4:13:4:24 | socket.io server | / |
+| socket.io namespace with path '/' | tst.js:6:13:6:27 | socket.io server | / |
+| socket.io namespace with path '/foo/bar' | tst.js:1:12:1:33 | socket.io server | /foo/bar |
+test_ClientReceiveNode
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | client2.js:1:12:1:56 | require ... lhost") |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | client2.js:1:12:1:56 | require ... lhost") |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:1:12:1:56 | require ... lhost") |
+| client2.js:18:1:20:2 | sock2.o ... (x);\\n}) | client2.js:2:13:2:85 | require ... v#abc") |
+test_ClientSendNode
+| client2.js:14:1:14:32 | sock.em ... there") | client2.js:1:12:1:56 | require ... lhost") | / |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | client2.js:1:12:1:56 | require ... lhost") | / |
+test_SendNode_getAck
+| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:31:54:42 | (data) => {} |
+test_SendNode
+| tst.js:30:1:30:28 | ns.emit ... event') | socket.io namespace with path '/' |
+| tst.js:31:1:31:20 | ns.send('a message') | socket.io namespace with path '/' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | socket.io namespace with path '/foo/bar' |
+| tst.js:39:1:39:31 | io.emit ... ssage') | socket.io namespace with path '/' |
+| tst.js:40:1:40:20 | io.send('a message') | socket.io namespace with path '/' |
+| tst.js:41:1:41:21 | io.writ ... ssage') | socket.io namespace with path '/' |
+| tst.js:51:3:51:22 | socket.emit('event') | socket.io namespace with path '/' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | socket.io namespace with path '/' |
+| tst.js:55:3:55:27 | socket. ... ssage') | socket.io namespace with path '/' |
+test_SendNode_getAReceiver
+| tst.js:30:1:30:28 | ns.emit ... event') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:30:1:30:28 | ns.emit ... event') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
+| tst.js:31:1:31:20 | ns.send('a message') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:31:1:31:20 | ns.send('a message') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | client2.js:18:1:20:2 | sock2.o ... (x);\\n}) |
+| tst.js:39:1:39:31 | io.emit ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:39:1:39:31 | io.emit ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:40:1:40:20 | io.send('a message') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:40:1:40:20 | io.send('a message') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:41:1:41:21 | io.writ ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:41:1:41:21 | io.writ ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:51:3:51:22 | socket.emit('event') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:51:3:51:22 | socket.emit('event') | client2.js:10:1:12:2 | sock.on ... d");\\n}) |
+| tst.js:54:3:54:43 | socket. ...  => {}) | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:54:3:54:43 | socket. ...  => {}) | client2.js:8:1:8:33 | sock.on ...  => {}) |
+| tst.js:55:3:55:27 | socket. ... ssage') | client2.js:4:1:6:2 | sock.on ...  y);\\n}) |
+| tst.js:55:3:55:27 | socket. ... ssage') | client2.js:8:1:8:33 | sock.on ...  => {}) |
+test_ServerObject
+| tst.js:1:12:1:33 | socket.io server | tst.js:1:12:1:33 | require ... .io')() | socket.io namespace with path '/' |
+| tst.js:4:13:4:24 | socket.io server | tst.js:4:13:4:24 | new Server() | socket.io namespace with path '/' |
+| tst.js:6:13:6:27 | socket.io server | tst.js:6:13:6:27 | Server.listen() | socket.io namespace with path '/' |
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/tests.ql
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/tests.ql
@@ -0,0 +1,26 @@
+import ClientReceiveNode_getEventName
+import NamespaceNode
+import ClientReceiveNode_getASender
+import ReceiveNode
+import SendNode_getSentItem
+import AdditionalFlowStep
+import ClientSendNode_getAck
+import SocketNode
+import ClientSendNode_getEventName
+import ClientSendNode_getSentItem
+import ReceiveNode_getEventName
+import ClientSocketNode
+import ReceiveNode_getASender
+import ReceiveNode_getReceivedItem
+import SendNode_getSocket
+import ServerNode
+import ClientSendNode_getAReceiver
+import ClientReceiveNode_getAck
+import ClientReceiveNode_getReceivedItem
+import NamespaceObject
+import ClientReceiveNode
+import ClientSendNode
+import SendNode_getAck
+import SendNode
+import SendNode_getAReceiver
+import ServerObject
--- a/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js
+++ b/javascript/ql/test/library-tests/frameworks/SocketIO/tst.js
@@ -23,13 +23,13 @@ io.origins();

 // SocketIO::NamespaceNodes:
 var ns = io.sockets;
-io.of("/");
+var ns2 = io.of("/foo/bar");
 ns.use(auth);
 ns.to(room);
 ns.in(room);
 ns.emit('event', 'an event');
 ns.send('a message');
-ns.write('a message');
+ns2.write('a message');
 ns.clients(cb);
 ns.compress(true);
 ns.binary(false);
--- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected
+++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/DeadStoreOfLocal.expected
@@ -9,3 +9,4 @@
 | tst.js:45:6:45:11 | x = 23 | This definition of x is useless, since its value is never read. |
 | tst.js:51:6:51:11 | x = 23 | This definition of x is useless, since its value is never read. |
 | tst.js:132:7:132:13 | {x} = o | This definition of x is useless, since its value is never read. |
+| tst.js:162:6:162:14 | [x] = [0] | This definition of x is useless, since its value is never read. |
--- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js
+++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfLocal/tst.js
@@ -157,3 +157,12 @@ function v() {
 (function() {
 	for (var a = (x, -1) in v = a, o);
 });
+
+(function() {
+	let [x] = [0], // OK, but flagged due to destructuring limitations
+	    y = 0;
+	x = 42;
+	y = 87;
+	x;
+	y;
+});
--- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.expected
+++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/DeadStoreOfProperty.expected
@@ -12,3 +12,5 @@
 | tst.js:76:5:76:34 | o.pure1 ... te = 42 | This write to property 'pure16_simpleAliasWrite' is useless, since $@ always overrides it. | tst.js:77:5:77:36 | o16.pur ... te = 42 | another property write |
 | tst.js:95:5:95:17 | o.pure18 = 42 | This write to property 'pure18' is useless, since $@ always overrides it. | tst.js:96:5:96:17 | o.pure18 = 42 | another property write |
 | tst.js:96:5:96:17 | o.pure18 = 42 | This write to property 'pure18' is useless, since $@ always overrides it. | tst.js:97:5:97:17 | o.pure18 = 42 | another property write |
+| tst.js:114:2:114:14 | o.setter = 42 | This write to property 'setter' is useless, since $@ always overrides it. | tst.js:115:2:115:14 | o.setter = 87 | another property write |
+| tst.js:118:2:118:104 | Object. ... lue()}) | This write to property 'prop' is useless, since $@ always overrides it. | tst.js:119:2:119:12 | o.prop = 42 | another property write |
--- a/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js
+++ b/javascript/ql/test/query-tests/Declarations/DeadStoreOfProperty/tst.js
@@ -82,17 +82,47 @@
    }

    // DOM
-    o.clientTop = 42;
+    o.clientTop = 42; // OK
    o.clientTop = 42;

-    o.defaulted1 = null;
+    o.defaulted1 = null; // OK
    o.defaulted1 = 42;

-    o.defaulted2 = -1;
+    o.defaulted2 = -1; // OK
    o.defaulted2 = 42;

    var o = {};
    o.pure18 = 42; // NOT OK
    o.pure18 = 42; // NOT OK
    o.pure18 = 42;
+
+	var o = {};
+	Object.defineProperty(o, "setter", { // OK
+		set: function (value) { }
+	});
+	o.setter = "";
+
+	var o = { set setter(value) { } }; // OK
+	o.setter = "";
+
+	var o = {
+		set accessor(value) { }, // OK
+		get accessor() { }
+	};
+
+	var o = { set setter(value) { } };
+	o.setter = 42; // probably OK, but still flagged - it seems fishy
+	o.setter = 87;
+
+	var o = {};
+	Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: getInitialValue()}) // NOT OK
+	o.prop = 42;
+
+	var o = {};
+	Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1, value: undefined}) // OK, default value
+	o.prop = 42;
+
+	var o = {};
+	Object.defineProperty(o, "prop", {writable:!0,configurable:!0,enumerable:!1}) // OK
+	o.prop = 42;
 });
--- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected
+++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/ExprHasNoEffect.expected
@@ -8,4 +8,5 @@
 | tst.js:49:3:49:26 | new Err ... ou so") | This expression has no effect. |
 | tst.js:50:3:50:49 | new Syn ... o me?") | This expression has no effect. |
 | tst.js:51:3:51:36 | new Err ... age(e)) | This expression has no effect. |
+| tst.js:62:2:62:20 | o.trivialNonGetter1 | This expression has no effect. |
 | uselessfn.js:1:1:1:15 | (functi ... .");\\n}) | This expression has no effect. |
--- a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js
+++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/tst.js
@@ -51,3 +51,25 @@ try {
  new Error(computeSnarkyMessage(e)); // NOT OK
  new UnknownError(); // OK
 }
+
+function g() {
+	var o = {};
+
+	Object.defineProperty(o, "trivialGetter1", { get: function(){} });
+	o.trivialGetter1; // OK
+
+	Object.defineProperty(o, "trivialNonGetter1", "foo");
+	o.trivialNonGetter1; // NOT OK
+
+	var getterDef1 = { get: function(){} };
+	Object.defineProperty(o, "nonTrivialGetter1", getterDef1);
+	o.nonTrivialGetter1; // OK
+
+	var getterDef2 = { };
+	unknownPrepareGetter(getterDef2);
+	Object.defineProperty(o, "nonTrivialNonGetter1", getterDef2);
+	o.nonTrivialNonGetter1; // OK
+
+	Object.defineProperty(o, "nonTrivialGetter2", unknownGetterDef());
+	o.nonTrivialGetter2; // OK
+};
--- a/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/yield_in_non_generator.js
+++ b/javascript/ql/test/query-tests/Expressions/SuspiciousPropAccess/yield_in_non_generator.js
@@ -0,0 +1,8 @@
+function outer() {
+  function inner() {
+    yield 1;
+  }
+  inner().next()
+}
+
+// semmle-extractor-options: --experimental
--- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/AdmZipBad.js
@@ -0,0 +1,7 @@
+const fs = require('fs');
+var AdmZip = require('adm-zip');
+var zip = new AdmZip("archive.zip");
+var zipEntries = zip.getEntries();
+zipEntries.forEach(function(zipEntry) {
+  fs.createWriteStream(zipEntry.entryName);
+});
--- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/TarSlipBad.js
@@ -0,0 +1,18 @@
+const fs = require('fs');
+const tar = require('tar-stream');
+const extract = tar.extract();
+
+extract.on('entry', (header, stream, next) => {
+  const out = fs.createWriteStream(header.name);
+  stream.pipe(out);
+  stream.on('end', () => {
+    next();
+  })
+  stream.resume();
+})
+
+extract.on('finish', ()  => {
+  console.log('finished');
+});
+
+fs.createReadStream('./bad.tar').pipe(extract);
--- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
@@ -1,4 +1,6 @@
 nodes
+| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
+| TarSlipBad.js:6:36:6:46 | header.name |
 | ZipSlipBad2.js:5:9:5:46 | fileName |
 | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
 | ZipSlipBad2.js:5:37:5:46 | entry.path |
@@ -6,12 +8,20 @@ nodes
 | ZipSlipBad.js:7:11:7:31 | fileName |
 | ZipSlipBad.js:7:22:7:31 | entry.path |
 | ZipSlipBad.js:8:37:8:44 | fileName |
+| ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
+| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
+| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
 edges
 | ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
 | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
 | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
 | ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
 | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
+| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
+| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
 #select
+| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | item path |
+| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | TarSlipBad.js:6:36:6:46 | header.name | item path |
 | ZipSlipBad2.js:6:22:6:29 | fileName | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad2.js:5:37:5:46 | entry.path | item path |
 | ZipSlipBad.js:8:37:8:44 | fileName | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:7:22:7:31 | entry.path | item path |
+| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | item path |
--- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBadUnzipper.js
@@ -0,0 +1,9 @@
+const fs = require('fs');
+const unzipper = require('unzipper');
+
+fs.createReadStream('path/to/archive.zip')
+  .pipe(unzipper.Parse())
+  .on('entry', function (entry) {
+    var fileName = entry.path;
+    entry.pipe(fs.createWriteStream(fileName));
+  });
--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
@@ -51,6 +51,10 @@ nodes
 | tst.js:17:21:17:42 | documen ... on.hash |
 | tst.js:20:30:20:46 | document.location |
 | tst.js:20:30:20:51 | documen ... on.hash |
+| tst.js:23:6:23:46 | atob(do ... ing(1)) |
+| tst.js:23:11:23:27 | document.location |
+| tst.js:23:11:23:32 | documen ... on.hash |
+| tst.js:23:11:23:45 | documen ... ring(1) |
 edges
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
 | angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search |
@@ -86,6 +90,9 @@ edges
 | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
 | tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash |
 | tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash |
+| tst.js:23:11:23:27 | document.location | tst.js:23:11:23:32 | documen ... on.hash |
+| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
+| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
 #select
 | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:10:22:10:29 | location | User-provided value |
 | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:13:23:13:30 | location | User-provided value |
@@ -112,3 +119,4 @@ edges
 | tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:26 | document.location | tst.js:14:10:14:74 | documen ... , "$1") | $@ flows to here and is interpreted as code. | tst.js:14:10:14:26 | document.location | User-provided value |
 | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:37 | document.location | tst.js:17:21:17:42 | documen ... on.hash | $@ flows to here and is interpreted as code. | tst.js:17:21:17:37 | document.location | User-provided value |
 | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:46 | document.location | tst.js:20:30:20:51 | documen ... on.hash | $@ flows to here and is interpreted as code. | tst.js:20:30:20:46 | document.location | User-provided value |
+| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:27 | document.location | tst.js:23:6:23:46 | atob(do ... ing(1)) | $@ flows to here and is interpreted as code. | tst.js:23:11:23:27 | document.location | User-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/tst.js
@@ -18,3 +18,6 @@ WebAssembly.compile(document.location.hash);

 // NOT OK
 WebAssembly.compileStreaming(document.location.hash);
+
+// NOT OK
+eval(atob(document.location.hash.substring(1)));
				`@@ -1 +0,0 @@`
				`\| tst.js:54:3:54:43 \| socket. ... => {}) \| tst.js:54:31:54:42 \| (data) => {} \|`