JavaScript: Introduce indices for sent/received items.

javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll

@@ -181,14 +181,17 @@ module SocketIO {
     /** Gets the event name associated with the data, if it can be determined. */
     string getEventName() { getArgument(0).mayHaveStringValue(result) }
 
-    /** Gets a data flow node representing data received from a client. */
-    DataFlow::SourceNode getAReceivedItem() {
-      exists(DataFlow::FunctionNode cb | cb = getCallback(1) and result = cb.getAParameter() |
+    /** Gets the `i`th parameter through which data is received from a client. */
+    DataFlow::SourceNode getReceivedItem(int i) {
+      exists(DataFlow::FunctionNode cb | cb = getCallback(1) and result = cb.getParameter(i) |
         // exclude last parameter if it looks like a callback
         result != cb.getLastParameter() or not exists(result.getAnInvocation())
       )
     }
 
+    /** Gets a data flow node representing data received from a client. */
+    DataFlow::SourceNode getAReceivedItem() { result = getReceivedItem(_) }
+
     /** Gets the acknowledgment callback, if any. */
     DataFlow::SourceNode getAck() {
       result = getCallback(1).getLastParameter() and
@@ -251,14 +254,19 @@ module SocketIO {
       if firstDataIndex = 1 then getArgument(0).mayHaveStringValue(result) else result = "message"
     }
 
-    /** Gets a data flow node representing data sent to the client. */
-    DataFlow::Node getASentItem() {
-      exists(int i | result = getArgument(i) and i >= firstDataIndex |
+    /** Gets the `i`th argument through which data is sent to the client. */
+    DataFlow::Node getSentItem(int i) {
+      result = getArgument(i + firstDataIndex) and
+      i >= 0 and
+      (
         // exclude last argument if it looks like a callback
         result != getLastArgument() or not exists(getAck())
       )
     }
 
+    /** Gets a data flow node representing data sent to the client. */
+    DataFlow::Node getASentItem() { result = getSentItem(_) }
+
     /** Gets the acknowledgment callback, if any. */
     DataFlow::FunctionNode getAck() {
       // acknowledgments are only available when sending through a socket
@@ -383,14 +391,17 @@ module SocketIOClient {
     /** Gets the event name associated with the data, if it can be determined. */
     string getEventName() { getArgument(0).mayHaveStringValue(result) }
 
-    /** Gets a data flow node representing data received from the server. */
-    DataFlow::SourceNode getAReceivedItem() {
-      exists(DataFlow::FunctionNode cb | cb = getCallback(1) and result = cb.getAParameter() |
+    /** Gets the `i`th parameter through which data is received from the server. */
+    DataFlow::SourceNode getReceivedItem(int i) {
+      exists(DataFlow::FunctionNode cb | cb = getCallback(1) and result = cb.getParameter(i) |
         // exclude the last parameter if it looks like a callback
         result != cb.getLastParameter() or not exists(result.getAnInvocation())
       )
     }
 
+    /** Gets a data flow node representing data received from the server. */
+    DataFlow::SourceNode getAReceivedItem() { result = getReceivedItem(_) }
+
     /** Gets the acknowledgment callback, if any. */
     DataFlow::SourceNode getAck() {
       result = getCallback(1).getLastParameter() and
@@ -433,14 +444,19 @@ module SocketIOClient {
       if firstDataIndex = 1 then getArgument(0).mayHaveStringValue(result) else result = "message"
     }
 
-    /** Gets a data flow node representing data sent to the server. */
-    DataFlow::Node getASentItem() {
-      exists(int i | result = getArgument(i) and i >= firstDataIndex |
+    /** Gets the `i`th argument through which data is sent to the server. */
+    DataFlow::Node getSentItem(int i) {
+      result = getArgument(i + firstDataIndex) and
+      i >= 0 and
+      (
         // exclude last argument if it looks like a callback
         result != getLastArgument() or not exists(getAck())
       )
     }
 
+    /** Gets a data flow node representing data sent to the server. */
+    DataFlow::Node getASentItem() { result = getSentItem(_) }
+
     /** Gets the acknowledgment callback, if any. */
     DataFlow::FunctionNode getAck() { result = getLastArgument().getALocalSource() }
   }

javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAReceivedItem.expected

@@ -1,4 +0,0 @@
-| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | client2.js:4:21:4:21 | x |
-| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | client2.js:4:24:4:24 | y |
-| client2.js:8:1:8:33 | sock.on ...  => {}) | client2.js:8:23:8:25 | msg |
-| client2.js:10:1:12:2 | sock.on ... d");\\n}) | client2.js:10:18:10:18 | x |

javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getAReceivedItem.ql

@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIOClient::ReceiveNode rn
-select rn, rn.getAReceivedItem()

javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.expected

@@ -0,0 +1,4 @@
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 0 | client2.js:4:21:4:21 | x |
+| client2.js:4:1:6:2 | sock.on ...  y);\\n}) | 1 | client2.js:4:24:4:24 | y |
+| client2.js:8:1:8:33 | sock.on ...  => {}) | 0 | client2.js:8:23:8:25 | msg |
+| client2.js:10:1:12:2 | sock.on ... d");\\n}) | 0 | client2.js:10:18:10:18 | x |

javascript/ql/test/library-tests/frameworks/SocketIO/ClientReceiveNode_getReceivedItem.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIOClient::ReceiveNode rn, int i
+select rn, i, rn.getReceivedItem(i)

javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getASentItem.expected

@@ -1,3 +0,0 @@
-| client2.js:14:1:14:32 | sock.em ... there") | client2.js:14:19:14:22 | "hi" |
-| client2.js:14:1:14:32 | sock.em ... there") | client2.js:14:25:14:31 | "there" |
-| client2.js:16:1:16:36 | sock.wr ...  => {}) | client2.js:16:12:16:25 | "do you copy?" |

javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getASentItem.ql

@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIOClient::SendNode sn
-select sn, sn.getASentItem()

javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getSentItem.expected

@@ -0,0 +1,3 @@
+| client2.js:14:1:14:32 | sock.em ... there") | 0 | client2.js:14:19:14:22 | "hi" |
+| client2.js:14:1:14:32 | sock.em ... there") | 1 | client2.js:14:25:14:31 | "there" |
+| client2.js:16:1:16:36 | sock.wr ...  => {}) | 0 | client2.js:16:12:16:25 | "do you copy?" |

javascript/ql/test/library-tests/frameworks/SocketIO/ClientSendNode_getSentItem.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIOClient::SendNode sn, int i
+select sn, i, sn.getSentItem(i)

javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.expected

@@ -1,3 +0,0 @@
-| tst.js:70:3:70:35 | socket. ...  => {}) | tst.js:70:25:70:27 | msg |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:71:27:71:31 | data1 |
-| tst.js:71:3:71:46 | socket. ...  => {}) | tst.js:71:34:71:38 | data2 |

javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getAReceivedItem.ql

@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::ReceiveNode rn
-select rn, rn.getAReceivedItem()

javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getReceivedItem.expected

@@ -0,0 +1,3 @@
+| tst.js:70:3:70:35 | socket. ...  => {}) | 0 | tst.js:70:25:70:27 | msg |
+| tst.js:71:3:71:46 | socket. ...  => {}) | 0 | tst.js:71:27:71:31 | data1 |
+| tst.js:71:3:71:46 | socket. ...  => {}) | 1 | tst.js:71:34:71:38 | data2 |

javascript/ql/test/library-tests/frameworks/SocketIO/ReceiveNode_getReceivedItem.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIO::ReceiveNode rn, int i
+select rn, i, rn.getReceivedItem(i)

javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.expected

@@ -1,9 +0,0 @@
-| tst.js:30:1:30:28 | ns.emit ... event') | tst.js:30:18:30:27 | 'an event' |
-| tst.js:31:1:31:20 | ns.send('a message') | tst.js:31:9:31:19 | 'a message' |
-| tst.js:32:1:32:22 | ns2.wri ... ssage') | tst.js:32:11:32:21 | 'a message' |
-| tst.js:39:1:39:31 | io.emit ... ssage') | tst.js:39:20:39:30 | 'a message' |
-| tst.js:40:1:40:20 | io.send('a message') | tst.js:40:9:40:19 | 'a message' |
-| tst.js:41:1:41:21 | io.writ ... ssage') | tst.js:41:10:41:20 | 'a message' |
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:15:54:17 | 'a' |
-| tst.js:54:3:54:43 | socket. ...  => {}) | tst.js:54:20:54:28 | 'message' |
-| tst.js:55:3:55:27 | socket. ... ssage') | tst.js:55:16:55:26 | 'a message' |

javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getASentItem.ql

@@ -1,4 +0,0 @@
-import javascript
-
-from SocketIO::SendNode sn
-select sn, sn.getASentItem()

javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSentItem.expected

@@ -0,0 +1,9 @@
+| tst.js:30:1:30:28 | ns.emit ... event') | 0 | tst.js:30:18:30:27 | 'an event' |
+| tst.js:31:1:31:20 | ns.send('a message') | 0 | tst.js:31:9:31:19 | 'a message' |
+| tst.js:32:1:32:22 | ns2.wri ... ssage') | 0 | tst.js:32:11:32:21 | 'a message' |
+| tst.js:39:1:39:31 | io.emit ... ssage') | 0 | tst.js:39:20:39:30 | 'a message' |
+| tst.js:40:1:40:20 | io.send('a message') | 0 | tst.js:40:9:40:19 | 'a message' |
+| tst.js:41:1:41:21 | io.writ ... ssage') | 0 | tst.js:41:10:41:20 | 'a message' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | 0 | tst.js:54:15:54:17 | 'a' |
+| tst.js:54:3:54:43 | socket. ...  => {}) | 1 | tst.js:54:20:54:28 | 'message' |
+| tst.js:55:3:55:27 | socket. ... ssage') | 0 | tst.js:55:16:55:26 | 'a message' |

javascript/ql/test/library-tests/frameworks/SocketIO/SendNode_getSentItem.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from SocketIO::SendNode sn, int i
+select sn, i, sn.getSentItem(i)