JavaScript: Refactor trackUseNode to avoid bad join order.

2026-04-30 03:05:15 +02:00 · 2020-11-24 15:13:04 +00:00
parent 7a229d9381
commit c9132ca6f8
1 changed files with 18 additions and 2 deletions
--- a/javascript/ql/src/semmle/javascript/ApiGraphs.qll
+++ b/javascript/ql/src/semmle/javascript/ApiGraphs.qll
@@ -716,11 +716,27 @@ module API {
        boundArgs <= 10
      )
      or
-      exists(DataFlow::TypeTracker t2 |
-        result = trackUseNode(nd, promisified, boundArgs, t2).track(t2, t)
+      exists(StepSummary summary |
+        t = useStep(nd, promisified, boundArgs, result, summary).append(summary)
      )
    }

+    private import semmle.javascript.dataflow.internal.StepSummary
+
+    /**
+     * Holds if `nd`, which is a use of an API-graph node, flows in zero or more potentially
+     * inter-procedural steps to some intermediate node, and then from that intermediate node to
+     * `res` in one step described by `summary`.
+     *
+     * This predicate exists solely to enforce a better join order in `trackUseNode` above.
+     */
+    pragma[noinline]
+    private DataFlow::TypeTracker useStep(
+      DataFlow::Node nd, boolean promisified, int boundArgs, DataFlow::Node res, StepSummary summary
+    ) {
+      StepSummary::step(trackUseNode(nd, promisified, boundArgs, result), res, summary)
+    }
+
    private DataFlow::SourceNode trackUseNode(
      DataFlow::SourceNode nd, boolean promisified, int boundArgs
    ) {