convert the AngularJS model to use DataFlow nodes

javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql

@@ -42,17 +42,19 @@ predicate isABuiltinEventName(string name) {
  * Holds if user code emits or broadcasts an event named `name`.
  */
 predicate isAUserDefinedEventName(string name) {
-  exists(string methodName, MethodCallExpr mce | methodName = "$emit" or methodName = "$broadcast" |
-    mce.getArgument(0).mayHaveStringValue(name) and
+  exists(string methodName, DataFlow::MethodCallNode mcn |
+    methodName = "$emit" or methodName = "$broadcast"
+  |
+    mcn.getArgument(0).mayHaveStringValue(name) and
     (
       // dataflow based scope resolution
-      mce = any(AngularJS::ScopeServiceReference scope).getAMethodCall(methodName)
+      mcn = any(AngularJS::ScopeServiceReference scope).getAMethodCall(methodName)
       or
       // heuristic scope resolution: assume parameters like `$scope` or `$rootScope` are AngularJS scope objects
-      exists(SimpleParameter param |
+      exists(DataFlow::ParameterNode param |
         param.getName() = any(AngularJS::ScopeServiceReference scope).getName() and
-        mce.getReceiver().mayReferToParameter(param) and
-        mce.getMethodName() = methodName
+        param.getAMethodCall() = mcn and
+        mcn.getMethodName() = methodName
       )
       or
       // a call in an AngularJS expression
@@ -64,7 +66,7 @@ predicate isAUserDefinedEventName(string name) {
   )
 }
 
-from AngularJS::ScopeServiceReference scope, MethodCallExpr mce, string eventName
+from AngularJS::ScopeServiceReference scope, DataFlow::MethodCallNode mce, string eventName
 where
   mce = scope.getAMethodCall("$on") and
   mce.getArgument(0).mayHaveStringValue(eventName) and

javascript/ql/src/AngularJS/DependencyMismatch.ql

@@ -14,7 +14,7 @@
 
 import javascript
 
-from AngularJS::InjectableFunction f, SimpleParameter p, string msg
+from AngularJS::InjectableFunction f, DataFlow::ParameterNode p, string msg
 where
   p = f.asFunction().getAParameter() and
   (

javascript/ql/src/AngularJS/DisablingSce.ql

@@ -14,7 +14,7 @@
 
 import javascript
 
-from MethodCallExpr mce, AngularJS::BuiltinServiceReference service
+from DataFlow::MethodCallNode mce, AngularJS::BuiltinServiceReference service
 where
   service.getName() = "$sceProvider" and
   mce = service.getAMethodCall("enabled") and

javascript/ql/src/AngularJS/DoubleCompilation.ql

@@ -15,7 +15,7 @@
 
 import javascript
 
-from AngularJS::ServiceReference compile, SimpleParameter elem, CallExpr c
+from AngularJS::ServiceReference compile, DataFlow::ParameterNode elem, DataFlow::CallNode c
 where
   compile.getName() = "$compile" and
   elem =
@@ -24,7 +24,7 @@ where
         .(AngularJS::LinkFunction)
         .getElementParameter() and
   c = compile.getACall() and
-  c.getArgument(0).mayReferToParameter(elem) and
+  elem.flowsTo(c.getArgument(0)) and
   // don't flag $compile calls that specify a `maxPriority`
   c.getNumArgument() < 3
 select c, "This call to $compile may cause double compilation of '" + elem + "'."

javascript/ql/src/AngularJS/DuplicateDependency.ql

@@ -12,16 +12,17 @@
 import javascript
 import semmle.javascript.RestrictedLocations
 
-predicate isRepeatedDependency(AngularJS::InjectableFunction f, string name, AstNode location) {
+predicate isRepeatedDependency(AngularJS::InjectableFunction f, string name, DataFlow::Node node) {
   exists(int i, int j |
     i < j and
     exists(f.getDependencyDeclaration(i, name)) and
-    location = f.getDependencyDeclaration(j, name)
+    node = f.getDependencyDeclaration(j, name)
   )
 }
 
-from AngularJS::InjectableFunction f, AstNode node, string name
+from AngularJS::InjectableFunction f, DataFlow::Node node, string name
 where
   isRepeatedDependency(f, name, node) and
   not count(f.asFunction().getParameterByName(name)) > 1 // avoid duplicating reports from js/duplicate-parameter-name
-select f.asFunction().(FirstLineOf), "This function has a duplicate dependency '$@'.", node, name
+select f.asFunction().getFunction().(FirstLineOf), "This function has a duplicate dependency '$@'.",
+  node, name

javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql

@@ -23,7 +23,7 @@ predicate isResourceUrlWhitelist(
 ) {
   exists(AngularJS::ServiceReference service |
     service.getName() = "$sceDelegateProvider" and
-    setupCall.asExpr() = service.getAMethodCall("resourceUrlWhitelist") and
+    setupCall = service.getAMethodCall("resourceUrlWhitelist") and
     list.flowsTo(setupCall.getArgument(0))
   )
 }

javascript/ql/src/AngularJS/RepeatedInjection.ql

@@ -12,9 +12,9 @@
 import javascript
 import semmle.javascript.RestrictedLocations
 
-from AngularJS::InjectableFunction f, AstNode explicitInjection
+from AngularJS::InjectableFunction f, DataFlow::Node explicitInjection
 where
   count(f.getAnExplicitDependencyInjection()) > 1 and
   explicitInjection = f.getAnExplicitDependencyInjection()
-select f.asFunction().(FirstLineOf), "This function has $@ defined in multiple places.",
-  explicitInjection, "dependency injections"
+select f.asFunction().getFunction().(FirstLineOf),
+  "This function has $@ defined in multiple places.", explicitInjection, "dependency injections"

javascript/ql/src/AngularJS/UnusedAngularDependency.ql

@@ -13,9 +13,9 @@ import javascript
 import Declarations.UnusedParameter
 import semmle.javascript.RestrictedLocations
 
-predicate isUnusedParameter(Function f, string msg, Parameter parameter) {
+predicate isUnusedParameter(DataFlow::FunctionNode f, string msg, Parameter parameter) {
   exists(Variable pv |
-    isUnused(f, parameter, pv, _) and
+    isUnused(f.getFunction(), parameter, pv, _) and
     not isAnAccidentallyUnusedParameter(parameter) and // avoid double alerts
     msg = "Unused dependency " + pv.getName() + "."
   )