Merge branch 'main' into ts4

javascript/ql/test/library-tests/CallGraphs/FullTest/non-strict.js

@@ -0,0 +1,8 @@
+(function () {
+  if (true) {
+    function foo() {
+      return 3;
+    }
+  }
+  return foo(); // this resolves to `foo` above, because we have function-scope in non-strict mode.
+})();

javascript/ql/test/library-tests/CallGraphs/FullTest/strict.js

@@ -0,0 +1,10 @@
+(function () {
+  if (true) {
+    function foo() {
+      return 3;
+    }
+  }
+  return foo(); // `foo` is not defined, because we are in strict-mode.
+})();
+
+export default 3; // strict-mode implied because ES2015 module.

javascript/ql/test/library-tests/CallGraphs/FullTest/strict2.js

@@ -0,0 +1,12 @@
+"use strict";
+(function () {
+  "use strict";
+  if (true) {
+    function foo() {
+      return 3;
+    }
+  }
+  return foo(); // `foo` is not defined, because we are in strict-mode.
+})();
+
+export default 3; // strict-mode implied because ES2015 module.

javascript/ql/test/library-tests/CallGraphs/FullTest/tests.expected

@@ -90,6 +90,11 @@ test_getAFunctionValue
 | m.js:3:1:3:16 | module.exports.f | m.js:1:13:1:25 | function() {} |
 | n.js:2:1:2:3 | m.f | m.js:1:13:1:25 | function() {} |
 | n.js:5:1:5:4 | m2.f | m2.js:2:6:2:18 | function() {} |
+| non-strict.js:1:1:8:2 | (functi ... ode.\\n}) | non-strict.js:1:2:8:1 | functio ... mode.\\n} |
+| non-strict.js:1:2:8:1 | functio ... mode.\\n} | non-strict.js:1:2:8:1 | functio ... mode.\\n} |
+| non-strict.js:3:5:5:5 | functio ... ;\\n    } | non-strict.js:3:5:5:5 | functio ... ;\\n    } |
+| non-strict.js:3:14:3:16 | foo | non-strict.js:3:5:5:5 | functio ... ;\\n    } |
+| non-strict.js:7:10:7:12 | foo | non-strict.js:3:5:5:5 | functio ... ;\\n    } |
 | protoclass.js:3:1:5:1 | functio ... it();\\n} | protoclass.js:3:1:5:1 | functio ... it();\\n} |
 | protoclass.js:3:10:3:10 | F | protoclass.js:3:1:5:1 | functio ... it();\\n} |
 | protoclass.js:4:3:4:11 | this.init | protoclass.js:7:20:11:1 | functio ...  m();\\n} |
@@ -110,6 +115,12 @@ test_getAFunctionValue
 | reflection.js:7:1:7:3 | add | reflection.js:1:1:3:1 | functio ...  x+y;\\n} |
 | reflection.js:8:1:8:3 | add | reflection.js:1:1:3:1 | functio ...  x+y;\\n} |
 | reflection.js:8:1:8:9 | add.apply | reflection.js:5:15:5:39 | functio ... n 56; } |
+| strict2.js:2:1:10:2 | (functi ... ode.\\n}) | strict2.js:2:2:10:1 | functio ... mode.\\n} |
+| strict2.js:2:2:10:1 | functio ... mode.\\n} | strict2.js:2:2:10:1 | functio ... mode.\\n} |
+| strict2.js:5:5:7:5 | functio ... ;\\n    } | strict2.js:5:5:7:5 | functio ... ;\\n    } |
+| strict.js:1:1:8:2 | (functi ... ode.\\n}) | strict.js:1:2:8:1 | functio ... mode.\\n} |
+| strict.js:1:2:8:1 | functio ... mode.\\n} | strict.js:1:2:8:1 | functio ... mode.\\n} |
+| strict.js:3:5:5:5 | functio ... ;\\n    } | strict.js:3:5:5:5 | functio ... ;\\n    } |
 | tst3.js:1:1:1:22 | functio ... fn() {} | tst3.js:1:1:1:22 | functio ... fn() {} |
 | tst3.js:2:1:2:23 | functio ... n2() {} | tst3.js:2:1:2:23 | functio ... n2() {} |
 | tst.js:1:1:1:15 | function f() {} | tst.js:1:1:1:15 | function f() {} |
@@ -225,6 +236,8 @@ test_getNumArgument
 | n.js:2:1:2:5 | m.f() | 0 |
 | n.js:4:10:4:24 | require('./m2') | 1 |
 | n.js:5:1:5:6 | m2.f() | 0 |
+| non-strict.js:1:1:8:4 | (functi ... e.\\n})() | 0 |
+| non-strict.js:7:10:7:14 | foo() | 0 |
 | protoclass.js:4:3:4:13 | this.init() | 0 |
 | protoclass.js:8:3:8:15 | this.method() | 0 |
 | protoclass.js:9:11:9:32 | this.me ... d(this) | 1 |
@@ -233,6 +246,10 @@ test_getNumArgument
 | reflection.js:7:1:7:22 | add.cal ... 23, 19) | 3 |
 | reflection.js:7:1:7:22 | reflective call | 2 |
 | reflection.js:8:1:8:25 | add.app ... 3, 19]) | 2 |
+| strict2.js:2:1:10:4 | (functi ... e.\\n})() | 0 |
+| strict2.js:9:10:9:14 | foo() | 0 |
+| strict.js:1:1:8:4 | (functi ... e.\\n})() | 0 |
+| strict.js:7:10:7:14 | foo() | 0 |
 | tst.js:6:1:6:3 | f() | 0 |
 | tst.js:7:1:7:3 | g() | 0 |
 | tst.js:8:1:8:3 | h() | 0 |
@@ -321,6 +338,8 @@ test_getCalleeNode
 | n.js:2:1:2:5 | m.f() | n.js:2:1:2:3 | m.f |
 | n.js:4:10:4:24 | require('./m2') | n.js:4:10:4:16 | require |
 | n.js:5:1:5:6 | m2.f() | n.js:5:1:5:4 | m2.f |
+| non-strict.js:1:1:8:4 | (functi ... e.\\n})() | non-strict.js:1:1:8:2 | (functi ... ode.\\n}) |
+| non-strict.js:7:10:7:14 | foo() | non-strict.js:7:10:7:12 | foo |
 | protoclass.js:4:3:4:13 | this.init() | protoclass.js:4:3:4:11 | this.init |
 | protoclass.js:8:3:8:15 | this.method() | protoclass.js:8:3:8:13 | this.method |
 | protoclass.js:9:11:9:32 | this.me ... d(this) | protoclass.js:9:11:9:26 | this.method.bind |
@@ -330,6 +349,10 @@ test_getCalleeNode
 | reflection.js:7:1:7:22 | reflective call | reflection.js:7:1:7:3 | add |
 | reflection.js:8:1:8:25 | add.app ... 3, 19]) | reflection.js:8:1:8:9 | add.apply |
 | reflection.js:8:1:8:25 | reflective call | reflection.js:8:1:8:3 | add |
+| strict2.js:2:1:10:4 | (functi ... e.\\n})() | strict2.js:2:1:10:2 | (functi ... ode.\\n}) |
+| strict2.js:9:10:9:14 | foo() | strict2.js:9:10:9:12 | foo |
+| strict.js:1:1:8:4 | (functi ... e.\\n})() | strict.js:1:1:8:2 | (functi ... ode.\\n}) |
+| strict.js:7:10:7:14 | foo() | strict.js:7:10:7:12 | foo |
 | tst.js:6:1:6:3 | f() | tst.js:6:1:6:1 | f |
 | tst.js:7:1:7:3 | g() | tst.js:7:1:7:1 | g |
 | tst.js:8:1:8:3 | h() | tst.js:8:1:8:1 | h |
@@ -408,11 +431,15 @@ test_getACallee
 | m.js:3:1:3:18 | module.exports.f() | m.js:1:13:1:25 | function() {} |
 | n.js:2:1:2:5 | m.f() | m.js:1:13:1:25 | function() {} |
 | n.js:5:1:5:6 | m2.f() | m2.js:2:6:2:18 | function() {} |
+| non-strict.js:1:1:8:4 | (functi ... e.\\n})() | non-strict.js:1:2:8:1 | functio ... mode.\\n} |
+| non-strict.js:7:10:7:14 | foo() | non-strict.js:3:5:5:5 | functio ... ;\\n    } |
 | protoclass.js:4:3:4:13 | this.init() | protoclass.js:7:20:11:1 | functio ...  m();\\n} |
 | protoclass.js:8:3:8:15 | this.method() | protoclass.js:13:22:13:34 | function() {} |
 | reflection.js:7:1:7:22 | reflective call | reflection.js:1:1:3:1 | functio ...  x+y;\\n} |
 | reflection.js:8:1:8:25 | add.app ... 3, 19]) | reflection.js:5:15:5:39 | functio ... n 56; } |
 | reflection.js:8:1:8:25 | reflective call | reflection.js:1:1:3:1 | functio ...  x+y;\\n} |
+| strict2.js:2:1:10:4 | (functi ... e.\\n})() | strict2.js:2:2:10:1 | functio ... mode.\\n} |
+| strict.js:1:1:8:4 | (functi ... e.\\n})() | strict.js:1:2:8:1 | functio ... mode.\\n} |
 | tst.js:6:1:6:3 | f() | tst.js:1:1:1:15 | function f() {} |
 | tst.js:7:1:7:3 | g() | tst.js:2:9:2:21 | function() {} |
 | tst.js:8:1:8:3 | h() | tst.js:3:5:3:17 | function() {} |
@@ -463,6 +490,7 @@ test_getCalleeName
 | n.js:2:1:2:5 | m.f() | f |
 | n.js:4:10:4:24 | require('./m2') | require |
 | n.js:5:1:5:6 | m2.f() | f |
+| non-strict.js:7:10:7:14 | foo() | foo |
 | protoclass.js:4:3:4:13 | this.init() | init |
 | protoclass.js:8:3:8:15 | this.method() | method |
 | protoclass.js:9:11:9:32 | this.me ... d(this) | bind |
@@ -470,6 +498,8 @@ test_getCalleeName
 | reflection.js:4:5:4:12 | sneaky() | sneaky |
 | reflection.js:7:1:7:22 | add.cal ... 23, 19) | call |
 | reflection.js:8:1:8:25 | add.app ... 3, 19]) | apply |
+| strict2.js:9:10:9:14 | foo() | foo |
+| strict.js:7:10:7:14 | foo() | foo |
 | tst.js:6:1:6:3 | f() | f |
 | tst.js:7:1:7:3 | g() | g |
 | tst.js:8:1:8:3 | h() | h |

javascript/ql/test/library-tests/Functions/getId.qll

@@ -1,5 +1,5 @@
 import javascript
 
 query predicate test_getId(Function f, VarDecl res0, string res1) {
-  res0 = f.getId() and res1 = f.getName()
+  res0 = f.getIdentifier() and res1 = f.getName()
 }

javascript/ql/test/library-tests/InterProceduralFlow/TrackedNodes.expected

@@ -1,55 +0,0 @@
-| missing | callback.js:17:15:17:23 | "source2" | callback.js:8:16:8:20 | xs[i] |
-| missing | callback.js:17:15:17:23 | "source2" | callback.js:12:16:12:16 | x |
-| missing | callback.js:17:15:17:23 | "source2" | callback.js:12:16:12:16 | x |
-| missing | callback.js:17:15:17:23 | "source2" | callback.js:13:14:13:14 | x |
-| missing | promises.js:1:2:1:2 | source | promises.js:6:26:6:28 | val |
-| missing | promises.js:1:2:1:2 | source | promises.js:6:26:6:28 | val |
-| missing | promises.js:1:2:1:2 | source | promises.js:7:16:7:18 | val |
-| missing | promises.js:1:2:1:2 | source | promises.js:37:11:37:11 | v |
-| missing | promises.js:1:2:1:2 | source | promises.js:37:11:37:11 | v |
-| missing | promises.js:1:2:1:2 | source | promises.js:38:32:38:32 | v |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:6:26:6:28 | val |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:6:26:6:28 | val |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:37:11:37:11 | v |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:37:11:37:11 | v |
-| missing | promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:20:7:20:7 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:20:7:20:7 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:21:20:21:20 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:23:19:23:19 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:23:19:23:19 | v |
-| missing | promises.js:10:30:17:3 | exceptional return of anonymous function | promises.js:24:20:24:20 | v |
-| missing | promises.js:11:22:11:31 | "resolved" | promises.js:18:18:18:18 | v |
-| missing | promises.js:11:22:11:31 | "resolved" | promises.js:18:18:18:18 | v |
-| missing | promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:20:7:20:7 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:20:7:20:7 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:23:19:23:19 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:23:19:23:19 | v |
-| missing | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:20:7:20:7 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:20:7:20:7 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:21:20:21:20 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:23:19:23:19 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:23:19:23:19 | v |
-| missing | promises.js:13:9:13:21 | exceptional return of Math.random() | promises.js:24:20:24:20 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:20:7:20:7 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:20:7:20:7 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:21:20:21:20 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:23:19:23:19 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:23:19:23:19 | v |
-| missing | promises.js:14:7:14:21 | exceptional return of res(res_source) | promises.js:24:20:24:20 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:20:7:20:7 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:20:7:20:7 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:21:20:21:20 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:23:19:23:19 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:23:19:23:19 | v |
-| missing | promises.js:16:7:16:21 | exceptional return of rej(rej_source) | promises.js:24:20:24:20 | v |
-| missing | promises.js:32:24:32:37 | "also tainted" | promises.js:37:11:37:11 | v |
-| missing | promises.js:32:24:32:37 | "also tainted" | promises.js:37:11:37:11 | v |
-| missing | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v |
-| missing | tst.js:2:17:2:22 | "src1" | tst.js:27:22:27:24 | elt |
-| missing | tst.js:2:17:2:22 | "src1" | tst.js:27:22:27:24 | elt |
-| missing | tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt |

javascript/ql/test/library-tests/InterProceduralFlow/TrackedNodes.ql

@@ -1,31 +0,0 @@
-import javascript
-
-/**
- * Track all nodes that do not have flow predecessors.
- */
-class TrackAllSources extends DataFlow::TrackedNode {
-  TrackAllSources() { not exists(getAPredecessor()) }
-}
-
-/**
- * A data flow configuration that emulates the flow tracking done by
- * `DataFlow::TrackedNode`.
- */
-class AllSourcesTrackingConfig extends DataFlow::Configuration {
-  AllSourcesTrackingConfig() { this = "TrackAllTrackedNodes" }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof DataFlow::TrackedNode }
-
-  override predicate isSink(DataFlow::Node snk) { any() }
-}
-
-from DataFlow::Node source, DataFlow::Node sink, AllSourcesTrackingConfig cfg, string problem
-where
-  cfg.hasFlow(source, sink) and
-  not source.(DataFlow::TrackedNode).flowsTo(sink) and
-  problem = "missing"
-  or
-  not cfg.hasFlow(source, sink) and
-  source.(DataFlow::TrackedNode).flowsTo(sink) and
-  problem = "spurious"
-select problem, source, sink

javascript/ql/test/library-tests/ModuleTypes/commonjs.cjs

@@ -0,0 +1,3 @@
+var fs = require("fs");
+console.log("I'm a .cjs file!");
+console.log(fs);

javascript/ql/test/library-tests/ModuleTypes/import.js

@@ -0,0 +1,5 @@
+import * as fs from "fs";
+
+export default function (x) {
+    return fs.readFileSync(x);
+};

javascript/ql/test/library-tests/ModuleTypes/mjs.mjs

@@ -0,0 +1 @@
+console.log("I'm a .mjs file!");

javascript/ql/test/library-tests/ModuleTypes/require.js

@@ -0,0 +1,7 @@
+var fs = require("fs");
+
+module.exports = {
+    foo: function (x) {
+        return fs.readFileSync(x);
+    }
+}

javascript/ql/test/library-tests/ModuleTypes/script.js

@@ -0,0 +1 @@
+console.log("I'm a plain script!");

javascript/ql/test/library-tests/ModuleTypes/tests.expected

@@ -0,0 +1,5 @@
+| commonjs.cjs:1:1:3:16 | <toplevel> | node |
+| import.js:1:1:5:2 | <toplevel> | es2015 |
+| mjs.mjs:1:1:1:32 | <toplevel> | es2015 |
+| require.js:1:1:7:1 | <toplevel> | node |
+| script.js:1:1:1:35 | <toplevel> | non-module |

javascript/ql/test/library-tests/ModuleTypes/tests.ql

@@ -0,0 +1,18 @@
+import javascript
+
+query string getModuleType(TopLevel top) {
+  not top.isExterns() and
+  (
+    not top instanceof Module and
+    result = "non-module"
+    or
+    top instanceof NodeModule and
+    result = "node"
+    or
+    top instanceof ES2015Module and
+    result = "es2015"
+    or
+    top instanceof AmdModule and
+    result = "amd"
+  )
+}

javascript/ql/test/library-tests/TypeScript/Namespaces/CheckBindings.ql

@@ -10,7 +10,7 @@ class ResolveCall extends CallExpr {
   string getDeclaredValue() {
     result = getVariable().getAnAssignedExpr().getStringValue()
     or
-    exists(NamespaceDeclaration decl | decl.getId() = getVariable().getADeclaration() |
+    exists(NamespaceDeclaration decl | decl.getIdentifier() = getVariable().getADeclaration() |
       result = getNamespaceName(decl)
     )
   }
@@ -21,7 +21,8 @@ string getNamespaceName(NamespaceDeclaration decl) {
   or
   not decl.getStmt(0).(ExprStmt).getExpr() instanceof ConstantString and
   result =
-    "Namespace " + decl.getId() + " on line " + decl.getFirstToken().getLocation().getStartLine()
+    "Namespace " + decl.getIdentifier() + " on line " +
+      decl.getFirstToken().getLocation().getStartLine()
 }
 
 from ResolveCall resolve