From cfe20810bfe68edd51869a0dfc35cc94547f47f2 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esbena@github.com>
Date: Tue, 29 Mar 2022 23:54:43 +0200
Subject: [PATCH] improve getSimpleAccessPath

---
 .../EndpointFeatures.qll                      | 39 +++++++++++--------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
index 5910f65de53..25a8f81f445 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointFeatures.qll
@@ -376,26 +376,31 @@ private module SyntacticUtilities {
   }
 
   string getSimpleAccessPath(DataFlow::Node node) {
-    result = node.asExpr().(VarAccess).getName()
-    or
-    exists(DataFlow::PropRead p |
-      p = node and
-      result = getSimpleAccessPath(p.getBase()) + "." + p.getPropertyName()
-    )
-    or
-    exists(DataFlow::MethodCallNode p |
-      p = node and
-      result = getSimpleAccessPath(p.getReceiver()) + "." + p.getMethodName() + "()"
-    )
-    or
-    exists(DataFlow::CallNode p |
-      p = node and
-      not p instanceof DataFlow::MethodCallNode and
-      result = p.getCalleeName() + "()"
-    )
+    if node.asExpr() instanceof SuperAccess
+    then result = "super"
+    else
+      if node.asExpr() instanceof ThisAccess
+      then result = "this"
+      else
+        if node.asExpr() instanceof VarAccess
+        then result = node.asExpr().(VarAccess).getName()
+        else
+          if node instanceof DataFlow::PropRead
+          then
+            result =
+              getSimpleAccessPath(node.(DataFlow::PropRead).getBase()) + "." +
+                getPropertyNameOrUnknown(node)
+          else
+            if node instanceof DataFlow::InvokeNode
+            then result = getSimpleAccessPath(node.(DataFlow::InvokeNode).getCalleeNode()) + "()"
+            else result = "?"
   }
 }
 
+string getPropertyNameOrUnknown(DataFlow::PropRead read) {
+  if exists(read.getPropertyName()) then result = read.getPropertyName() else result = "?"
+}
+
 class CalleeAccessPathSimpleFromArgumentTraversal extends EndPointFeature,
   TCalleeAccessPathSimpleFromArgumentTraversal {
   override string getEncoding() { result = "calleeAccessPathSimpleFromArgumentTraversal" }