JavaScript: Teach type inference about AMD imports.

javascript/ql/src/semmle/javascript/dataflow/internal/InterModuleTypeInference.qll

@@ -232,6 +232,42 @@ private class AnalyzedAmdExport extends AnalyzedPropertyWrite, DataFlow::ValueNo
   }
 }
 
+/**
+ * Flow analysis for AMD imports, interpreted as an implicit read of
+ * the `module.exports` property of the imported module.
+ */
+private class AnalyzedAmdImport extends AnalyzedPropertyRead, DataFlow::Node {
+  Module required;
+
+  AnalyzedAmdImport() {
+    exists (AMDModule amd, PathExpr dep, Parameter p |
+      amd.getDefine().dependencyParameter(dep, p) and
+      this = DataFlow::parameterNode(p) and
+      required.getFile() = amd.resolve(dep)
+    )
+  }
+
+  override predicate reads(AbstractValue base, string propName) {
+    base = TAbstractModuleObject(required) and
+    propName = "exports"
+  }
+}
+
+/**
+ * Flow analysis for parameters corresponding to AMD imports.
+ */
+private class AnalyzedAmdParameter extends AnalyzedVarDef, @vardecl {
+  AnalyzedAmdImport imp;
+
+  AnalyzedAmdParameter() {
+    imp = DataFlow::parameterNode(this)
+  }
+
+  override AbstractValue getAnRhsValue() {
+    result = imp.getALocalValue()
+  }
+}
+
 /**
  * Flow analysis for exports that export a single value.
  */