From b12d927020850145e970e9f142a48da062853d77 Mon Sep 17 00:00:00 2001
From: Asger F <asgerf@github.com>
Date: Fri, 28 Nov 2025 10:16:20 +0100
Subject: [PATCH] JS: Also expose "any state" version of tracking predicates

---
 .../ql/lib/semmle/javascript/ApiGraphs.qll     | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
index 488fddc95de..f0ce21758f5 100644
--- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
+++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll
@@ -1384,6 +1384,13 @@ module API {
         result = trackUseNode(nd, false, 0, "")
       }
 
+      /**
+       * Gets a node whose forward tracking reaches `nd` in some state (e.g. possibly inside a content at this point).
+       */
+      DataFlow::SourceNode trackUseNodeAnyState(DataFlow::SourceNode nd) {
+        result = trackUseNode(nd, _, _, _, _)
+      }
+
       private DataFlow::SourceNode trackDefNode(DataFlow::Node nd, DataFlow::TypeBackTracker t) {
         t.start() and
         rhs(_, nd) and
@@ -1434,6 +1441,11 @@ module API {
         result = trackDefNode(nd, DataFlow::TypeBackTracker::end())
       }
 
+      /**
+       * Gets a node reached by the backwards tracking of `nd` in some state (e.g. possibly inside a content at this point).
+       */
+      DataFlow::SourceNode trackDefNodeAnyState(DataFlow::Node nd) { result = trackDefNode(nd, _) }
+
       private DataFlow::SourceNode awaited(DataFlow::InvokeNode call, DataFlow::TypeTracker t) {
         t.startInPromise() and
         trackUseNode(_, true, _, "").flowsTo(call.getCalleeNode()) and
@@ -1548,9 +1560,15 @@ module API {
       DataFlow::SourceNode trackUseNode(DataFlow::SourceNode nd) =
         forceLocal(Stage1::trackUseNode/1)(nd, result)
 
+      DataFlow::SourceNode trackUseNodeAnyState(DataFlow::SourceNode nd) =
+        forceLocal(Stage1::trackUseNodeAnyState/1)(nd, result)
+
       DataFlow::SourceNode trackDefNode(DataFlow::SourceNode nd) =
         forceLocal(Stage1::trackDefNode/1)(nd, result)
 
+      DataFlow::SourceNode trackDefNodeAnyState(DataFlow::Node nd) =
+        forceLocal(Stage1::trackDefNodeAnyState/1)(nd, result)
+
       predicate edge(TApiNode pred, Label::ApiLabel lbl, TApiNode succ) =
         forceLocal(Stage1::edge/3)(pred, lbl, succ)