JS: make use of TypeScript types for mongoose Model and Query

javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected

@@ -7,6 +7,17 @@ nodes
 | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:30:14:30 | v |
+| typedClient.ts:21:7:21:32 | v |
+| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
+| typedClient.ts:21:22:21:29 | req.body |
+| typedClient.ts:21:22:21:29 | req.body |
+| typedClient.ts:21:22:21:31 | req.body.x |
+| typedClient.ts:22:27:22:35 | { id: v } |
+| typedClient.ts:22:27:22:35 | { id: v } |
+| typedClient.ts:22:33:22:33 | v |
+| typedClient.ts:23:27:23:35 | { id: v } |
+| typedClient.ts:23:27:23:35 | { id: v } |
+| typedClient.ts:23:33:23:33 | v |
 edges
 | typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
 | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
@@ -15,5 +26,17 @@ edges
 | typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
 | typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
+| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v |
+| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v |
+| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v |
+| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
+| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
+| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
+| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
+| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
+| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
+| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
 #select
 | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
+| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |
+| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-089/typed/shim.d.ts

@@ -3,3 +3,11 @@ declare module "mongodb" {
     find(query: any): any;
   }
 }
+declare module "mongoose" {
+  interface Model {
+    find(query: any): any;
+  }
+  interface Query {
+    find(query: any): any;
+  }
+}

javascript/ql/test/query-tests/Security/CWE-089/typed/typedClient.ts

@@ -1,7 +1,7 @@
 import * as mongodb from "mongodb";
 
-const express = require('express') as any;
-const bodyParser = require('body-parser') as any;
+const express = require("express") as any;
+const bodyParser = require("body-parser") as any;
 
 declare function getCollection(): mongodb.Collection;
 
@@ -9,7 +9,16 @@ let app = express();
 
 app.use(bodyParser.json());
 
-app.post('/find', (req, res) => {
+app.post("/find", (req, res) => {
   let v = JSON.parse(req.body.x);
   getCollection().find({ id: v }); // NOT OK
 });
+
+import * as mongoose from "mongoose";
+declare function getMongooseModel(): mongoose.Model;
+declare function getMongooseQuery(): mongoose.Query;
+app.post("/find", (req, res) => {
+  let v = JSON.parse(req.body.x);
+  getMongooseModel().find({ id: v }); // NOT OK
+  getMongooseQuery().find({ id: v }); // NOT OK
+});