JS: Localize charpred of API::EntryPoint

This is needed for localizing ApiLabel later

javascript/ql/lib/semmle/javascript/ApiGraphs.qll

@@ -676,17 +676,21 @@ module API {
    * Imports and exports are considered entry points by default, but additional entry points may
    * be added by extending this class. Typical examples include global variables.
    */
+  overlay[local]
   abstract class EntryPoint extends string {
     bindingset[this]
     EntryPoint() { any() }
 
     /** Gets a data-flow node where a value enters the current codebase through this entry-point. */
+    overlay[global]
     DataFlow::SourceNode getASource() { none() }
 
     /** Gets a data-flow node where a value leaves the current codebase through this entry-point. */
+    overlay[global]
     DataFlow::Node getASink() { none() }
 
     /** Gets an API-node for this entry point. */
+    overlay[global]
     API::Node getANode() { result = root().getASuccessor(Label::entryPoint(this)) }
   }
 

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -198,6 +198,7 @@ module ClientRequest {
   private string urlPropertyName() { result = "url" or result = "uri" }
 
   /** An API entry-point for the global variable `axios`. */
+  overlay[local?]
   private class AxiosGlobalEntryPoint extends API::EntryPoint {
     AxiosGlobalEntryPoint() { this = "axiosGlobal" }
 

javascript/ql/lib/semmle/javascript/frameworks/D3.qll

@@ -6,6 +6,7 @@ private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
 /** Provides classes and predicates modeling aspects of the `d3` library. */
 module D3 {
   /** The global variable `d3` as an entry point for API graphs. */
+  overlay[local?]
   private class D3GlobalEntry extends API::EntryPoint {
     D3GlobalEntry() { this = "D3GlobalEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/Electron.qll

@@ -41,6 +41,7 @@ module Electron {
     BrowserView() { this = DataFlow::moduleMember("electron", "BrowserView").getAnInstantiation() }
   }
 
+  overlay[local?]
   private class ElectronEntryPoint extends API::EntryPoint {
     ElectronEntryPoint() { this = "Electron.Browser" }
 

javascript/ql/lib/semmle/javascript/frameworks/History.qll

@@ -5,6 +5,7 @@ import javascript
 /** Provides classes modeling the [`history`](https://npmjs.org/package/history) library. */
 module History {
   /** The global variable `HistoryLibrary` as an entry point for API graphs. */
+  overlay[local?]
   private class HistoryGlobalEntry extends API::EntryPoint {
     HistoryGlobalEntry() { this = "HistoryLibrary" }
 

javascript/ql/lib/semmle/javascript/frameworks/Immutable.qll

@@ -13,6 +13,7 @@ private module Immutable {
   /**
    * An API entrypoint for the global `Immutable` variable.
    */
+  overlay[local?]
   private class ImmutableGlobalEntry extends API::EntryPoint {
     ImmutableGlobalEntry() { this = "ImmutableGlobalEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/Logging.qll

@@ -32,6 +32,7 @@ private module Console {
   /**
    * An API entrypoint for the global `console` variable.
    */
+  overlay[local?]
   private class ConsoleGlobalEntry extends API::EntryPoint {
     ConsoleGlobalEntry() { this = "ConsoleGlobalEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/Nest.qll

@@ -140,6 +140,7 @@ module NestJS {
   }
 
   /** API node entry point for custom implementations of `ValidationPipe` (a common pattern). */
+  overlay[local?]
   private class ValidationNodeEntry extends API::EntryPoint {
     ValidationNodeEntry() { this = "ValidationNodeEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/Redux.qll

@@ -1099,6 +1099,7 @@ module Redux {
      * Used to catch cases where the `connect` function was not recognized by API graphs (usually because of it being
      * wrapped in another function, which API graphs won't look through).
      */
+    overlay[local?]
     private class HeuristicConnectEntryPoint extends API::EntryPoint {
       HeuristicConnectEntryPoint() { this = "react-redux-connect" }
 

javascript/ql/lib/semmle/javascript/frameworks/Templating.qll

@@ -703,7 +703,7 @@ module Templating {
    *
    * These API nodes are used in the `getTemplateInput` predicate.
    */
-  overlay[global]
+  overlay[local?]
   private class IncludeFunctionAsEntryPoint extends API::EntryPoint {
     IncludeFunctionAsEntryPoint() { this = "IncludeFunctionAsEntryPoint" }
 

javascript/ql/lib/semmle/javascript/frameworks/TrustedTypes.qll

@@ -11,6 +11,7 @@ private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
  * Module for working with uses of the [Trusted Types API](https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API).
  */
 module TrustedTypes {
+  overlay[local?]
   private class TrustedTypesEntry extends API::EntryPoint {
     TrustedTypesEntry() { this = "TrustedTypesEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/Vue.qll

@@ -7,6 +7,7 @@ import semmle.javascript.ViewComponentInput
 
 module Vue {
   /** The global variable `Vue`, as an API graph entry point. */
+  overlay[local?]
   private class GlobalVueEntryPoint extends API::EntryPoint {
     GlobalVueEntryPoint() { this = "VueEntryPoint" }
 
@@ -18,6 +19,7 @@ module Vue {
    *
    * This `EntryPoint` is used by `SingleFileComponent::getOwnOptions()`.
    */
+  overlay[local?]
   private class VueExportEntryPoint extends API::EntryPoint {
     VueExportEntryPoint() { this = "VueExportEntryPoint" }
 
@@ -437,6 +439,7 @@ module Vue {
    *
    * This entry point is used in `SingleFileComponent::getComponentRef()`.
    */
+  overlay[local?]
   private class VueFileImportEntryPoint extends API::EntryPoint {
     VueFileImportEntryPoint() { this = "VueFileImportEntryPoint" }
 

javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll

@@ -5,6 +5,7 @@
 private import javascript
 
 /** Treats `Response` as an entry point for API graphs. */
+overlay[local?]
 private class ResponseEntryPoint extends API::EntryPoint {
   ResponseEntryPoint() { this = "global.Response" }
 
@@ -12,6 +13,7 @@ private class ResponseEntryPoint extends API::EntryPoint {
 }
 
 /** Treats `Headers` as an entry point for API graphs. */
+overlay[local?]
 private class HeadersEntryPoint extends API::EntryPoint {
   HeadersEntryPoint() { this = "global.Headers" }
 

javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll

@@ -48,6 +48,7 @@ private predicate areLibrariesCompatible(
 }
 
 /** Treats `WebSocket` as an entry point for API graphs. */
+overlay[local?]
 private class WebSocketEntryPoint extends API::EntryPoint {
   WebSocketEntryPoint() { this = "global.WebSocket" }
 
@@ -55,6 +56,7 @@ private class WebSocketEntryPoint extends API::EntryPoint {
 }
 
 /** Treats `SockJS` as an entry point for API graphs. */
+overlay[local?]
 private class SockJSEntryPoint extends API::EntryPoint {
   SockJSEntryPoint() { this = "global.SockJS" }
 

javascript/ql/lib/semmle/javascript/frameworks/Webix.qll

@@ -9,6 +9,7 @@ private import javascript
  */
 module Webix {
   /** The global variable `webix` as an entry point for API graphs. */
+  overlay[local?]
   private class WebixGlobalEntry extends API::EntryPoint {
     WebixGlobalEntry() { this = "WebixGlobalEntry" }
 

javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll

@@ -492,6 +492,7 @@ private predicate invocationMatchesCallSiteFilter(
   Specific::invocationMatchesExtraCallSiteFilter(invoke, token)
 }
 
+overlay[local?]
 private class TypeModelUseEntry extends API::EntryPoint {
   private string type;
 
@@ -505,6 +506,7 @@ private class TypeModelUseEntry extends API::EntryPoint {
   API::Node getNodeForType(string type_) { type = type_ and result = this.getANode() }
 }
 
+overlay[local?]
 private class TypeModelDefEntry extends API::EntryPoint {
   private string type;
 

javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll

@@ -93,6 +93,7 @@ private predicate parseRelevantTypeString(string rawType, string package, string
 }
 
 /** Holds if `global` is a global variable referenced via a the `global` package in a CSV row. */
+overlay[local]
 private predicate isRelevantGlobal(string global) {
   exists(AccessPath path, AccessPathToken token |
     isRelevantFullPath("global", path) and
@@ -103,6 +104,7 @@ private predicate isRelevantGlobal(string global) {
 }
 
 /** An API graph entry point for global variables mentioned in a model. */
+overlay[local?]
 private class GlobalApiEntryPoint extends API::EntryPoint {
   string global;
 

javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll

@@ -114,6 +114,7 @@ class ClientSideRemoteFlowKind extends string {
  * `name` and `address` of global variable `user` should be considered as remote flow sources with
  * source type "user input".
  */
+overlay[local?]
 private class RemoteFlowSourceAccessPath extends JsonString {
   string sourceType;
 
@@ -167,6 +168,7 @@ private class RemoteFlowSourceAccessPath extends JsonString {
  * The global variable referenced by a `RemoteFlowSourceAccessPath`, declared as an API
  * entry point.
  */
+overlay[local?]
 private class ExternalRemoteFlowSourceSpecEntryPoint extends API::EntryPoint {
   string name;
 

javascript/ql/test/ApiGraphs/custom-entry-point/VerifyAssertions.ql

@@ -1,3 +1,4 @@
+overlay[local?]
 class CustomEntryPoint extends API::EntryPoint {
   CustomEntryPoint() { this = "CustomEntryPoint" }