implement basic map get/set for immutable.js

javascript/ql/test/library-tests/frameworks/Immutable/immutable.js

@@ -0,0 +1,15 @@
+var obj = { a: source("a"), b: source("b1") };
+sink(obj["a"]); // NOT OK
+
+const { Map } = require('immutable');
+
+const map1 = Map(obj);
+
+sink(map1.get("b")); // NOT OK
+
+const map2 = map1.set('c', "safe");
+sink(map1.get("a")); // NOT OK
+sink(map2.get("a")); // NOT OK
+sink(map2.get("b")); // OK - but still flagged [INCONSISTENCY]
+
+

javascript/ql/test/library-tests/frameworks/Immutable/tests.expected

@@ -0,0 +1,5 @@
+| immutable.js:1:16:1:26 | source("a") | immutable.js:2:6:2:13 | obj["a"] |
+| immutable.js:1:16:1:26 | source("a") | immutable.js:11:6:11:18 | map1.get("a") |
+| immutable.js:1:16:1:26 | source("a") | immutable.js:12:6:12:18 | map2.get("a") |
+| immutable.js:1:32:1:43 | source("b1") | immutable.js:8:6:8:18 | map1.get("b") |
+| immutable.js:1:32:1:43 | source("b1") | immutable.js:13:6:13:18 | map2.get("b") |

javascript/ql/test/library-tests/frameworks/Immutable/tests.ql

@@ -0,0 +1,18 @@
+import javascript
+private import semmle.javascript.dataflow.internal.StepSummary
+
+class Config extends DataFlow::Configuration {
+  Config() { this = "Config" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source.(DataFlow::CallNode).getCalleeName() = "source"
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink)
+  }
+}
+
+query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) {
+  any(Config c).hasFlow(pred, succ)
+}