add explicit this to all member calls

2026-05-10 09:19:27 +02:00 · 2021-11-01 09:51:15 +01:00
parent 1c78c792ff
commit db40ccae81
85 changed files with 2063 additions and 1937 deletions
--- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -18,17 +18,17 @@ import javascript
 */
 class IndexOfCall extends DataFlow::MethodCallNode {
  IndexOfCall() {
-    exists(string name | name = getMethodName() |
+    exists(string name | name = this.getMethodName() |
      name = "indexOf" or
      name = "lastIndexOf"
    ) and
-    getNumArgument() = 1
+    this.getNumArgument() = 1
  }

  /** Gets the receiver or argument of this call. */
  DataFlow::Node getAnOperand() {
-    result = getReceiver() or
-    result = getArgument(0)
+    result = this.getReceiver() or
+    result = this.getArgument(0)
  }

  /**
@@ -73,14 +73,14 @@ DataFlow::SourceNode getStringSource(DataFlow::Node node) {
 */
 class LiteralLengthExpr extends DotExpr {
  LiteralLengthExpr() {
-    getPropertyName() = "length" and
-    getBase() instanceof StringLiteral
+    this.getPropertyName() = "length" and
+    this.getBase() instanceof StringLiteral
  }

  /**
   * Gets the value of the string literal whose length is taken.
   */
-  string getBaseValue() { result = getBase().getStringValue() }
+  string getBaseValue() { result = this.getBase().getStringValue() }
 }

 /**
@@ -126,7 +126,7 @@ class UnsafeIndexOfComparison extends EqualityTest {
  DataFlow::Node testedValue;

  UnsafeIndexOfComparison() {
-    hasOperands(indexOf.getAUse(), testedValue.asExpr()) and
+    this.hasOperands(indexOf.getAUse(), testedValue.asExpr()) and
    isDerivedFromLength(testedValue, indexOf.getReceiver()) and
    isDerivedFromLength(testedValue, indexOf.getArgument(0)) and
    // Ignore cases like `x.indexOf("/") === x.length - 1` that can only be bypassed if `x` is the empty string.
--- a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+++ b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
@@ -45,7 +45,7 @@ predicate escapingScheme(string metachar, string regex) {
 * A call to `String.prototype.replace` that replaces all instances of a pattern.
 */
 class Replacement extends StringReplaceCall {
-  Replacement() { isGlobal() }
+  Replacement() { this.isGlobal() }

  /**
   * Gets the input of this replacement.
@@ -66,7 +66,7 @@ class Replacement extends StringReplaceCall {
  predicate escapes(string char, string metachar) {
    exists(string regexp, string repl |
      escapingScheme(metachar, regexp) and
-      replaces(char, repl) and
+      this.replaces(char, repl) and
      repl.regexpMatch(regexp)
    )
  }
@@ -80,7 +80,7 @@ class Replacement extends StringReplaceCall {
  predicate unescapes(string metachar, string char) {
    exists(string regexp, string orig |
      escapingScheme(metachar, regexp) and
-      replaces(orig, char) and
+      this.replaces(orig, char) and
      orig.regexpMatch(regexp)
    )
  }
@@ -88,7 +88,9 @@ class Replacement extends StringReplaceCall {
  /**
   * Gets the previous replacement in this chain of replacements.
   */
-  Replacement getPreviousReplacement() { result.getOutput() = getASimplePredecessor*(getInput()) }
+  Replacement getPreviousReplacement() {
+    result.getOutput() = getASimplePredecessor*(this.getInput())
+  }

  /**
   * Gets an earlier replacement in this chain of replacements that