JS: Make inline CG tests report call target if NONE was given

Previously it would only report a spurious callee if the target function was named. Now, if specifying 'calls:NONE' if will report any callee as spurious.
2025-12-16 16:53:25 +01:00 · 2025-02-14 10:51:08 +01:00
parent 98c755d484
commit a61d42edc3
2 changed files with 8 additions and 4 deletions
--- a/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.expected
+++ b/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.expected
@@ -1,4 +1,5 @@
 spuriousCallee
+| accessors.js:54:1:54:7 | new D() | accessors.js:32:9:32:8 | () {} | -1 | calls |
 missingCallee
 | constructor-field.ts:40:5:40:14 | f3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | calls |
 | constructor-field.ts:71:1:71:11 | bf3.build() | constructor-field.ts:13:3:13:12 | build() {} | -1 | calls |
--- a/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.ql
+++ b/javascript/ql/test/library-tests/CallGraphs/AnnotatedTest/Test.ql
@@ -58,20 +58,23 @@ class AnnotatedCall extends DataFlow::Node {
  string getKind() { result = kind }
 }

-predicate callEdge(AnnotatedCall call, AnnotatedFunction target, int boundArgs) {
+predicate callEdge(AnnotatedCall call, Function target, int boundArgs) {
  FlowSteps::calls(call, target) and boundArgs = -1
  or
  FlowSteps::callsBound(call, target, boundArgs)
 }

-query predicate spuriousCallee(
-  AnnotatedCall call, AnnotatedFunction target, int boundArgs, string kind
-) {
+query predicate spuriousCallee(AnnotatedCall call, Function target, int boundArgs, string kind) {
  callEdge(call, target, boundArgs) and
  kind = call.getKind() and
  not (
    target = call.getAnExpectedCallee(kind) and
    boundArgs = call.getBoundArgsOrMinusOne()
+  ) and
+  (
+    target instanceof AnnotatedFunction
+    or
+    call.getCallTargetName() = "NONE"
  )
 }