From a8aeb1d03e6f6aae96ba7a89bc6db64239ef90e6 Mon Sep 17 00:00:00 2001
From: amammad
Date: Fri, 22 Sep 2023 22:50:55 +1000
Subject: [PATCH] add active record and data mapper patterns support
---
 .../semmle/javascript/frameworks/TypeORM.qll | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/TypeORM.qll b/javascript/ql/lib/semmle/javascript/frameworks/TypeORM.qll
index 96cf8d98396..43968d9834d 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/TypeORM.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/TypeORM.qll
@@ -6,8 +6,19 @@ module Sqlite {
 result = API::moduleImport("typeorm").getMember("DataSource").getInstance()
 }
 
- // Gets return value of a `createQueryBuilder`
- API::Node queryBuilderInstance() {
+ // Gets `createQueryBuilder` return value from a Active record based Entity
+ API::Node activeRecordQueryBuilder() {
+ result =
+ API::moduleImport("typeorm")
+ .getMember("Entity")
+ .getReturn()
+ .getADecoratedClass()
+ .getMember("createQueryBuilder")
+ .getReturn()
+ }
+
+ // Gets `createQueryBuilder` return value from a Data Mapper based Entity
+ API::Node dataMapperQueryBuilder() {
 result =
 [
 // Using DataSource
@@ -19,7 +30,12 @@ module Sqlite {
 ].getMember("createQueryBuilder").getReturn()
 }
 
- //API::moduleImport("typeorm").getMember("exports").getMember("DataSource").getInstance().getMember("createQueryBuilder").getReturn().getMember("where")
+ // Gets return value of a `createQueryBuilder`
+ API::Node queryBuilderInstance() {
+ result = dataMapperQueryBuilder() or
+ result = activeRecordQueryBuilder()
+ }
+
 // Gets The Brackets that are SQL Subqueries equivalent
 API::Node brackets() {
 result =
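Review bot: `activeRecordQueryBuilder()` follows only the `createQueryBuilder` member of classes decorated with `@Entity()`, so raw SQL handed to the static `query` method that Active Record entities inherit from `BaseEntity` is not reached through this predicate; whether another predicate in the file models it is not visible in this hunk. If nothing does, exposing the decorated class once, `API::Node activeRecordEntity() { result = API::moduleImport("typeorm").getMember("Entity").getReturn().getADecoratedClass() }`, would let both members be modelled from the same node. The diffstat lists a single changed file, so no library test accompanies the new Active Record path; a test entity that calls `createQueryBuilder` on the class itself would pin the behaviour against later refactors.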
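Review bot: The predicates touched by this patch are documented with `//` line comments, which are not QLDoc; `queryBuilderInstance()` should carry `/** Gets the return value of a createQueryBuilder call on a Data Mapper or Active Record entity. */`, and `activeRecordQueryBuilder()` and `dataMapperQueryBuilder()` in the previous hunk need the same form (there "a Active record" should read "an Active Record"). The disjunction can follow the set-literal style already used in `dataMapperQueryBuilder()`: `result = [dataMapperQueryBuilder(), activeRecordQueryBuilder()]`. If the two helpers are only called from here, which the visible lines suggest but do not prove, marking them `private` keeps them out of the module's public API.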