Javascript: Autoformat.

javascript/ql/src/meta/SSA/DeadDef.ql

@@ -10,7 +10,8 @@
 import javascript
 
 from SsaVariable d
-where not exists (d.getAUse()) and
-      not d = any(SsaPseudoDefinition phi).getAnInput() and
-      d.getSourceVariable() instanceof PurelyLocalVariable
+where
+  not exists(d.getAUse()) and
+  not d = any(SsaPseudoDefinition phi).getAnInput() and
+  d.getSourceVariable() instanceof PurelyLocalVariable
 select d, "Dead SSA definition " + d + "."

javascript/ql/src/meta/SSA/Dominance.ql

@@ -15,18 +15,22 @@ import javascript
  * which is a use of the same variable.
  */
 predicate dominates(SsaDefinition def, VarUse use) {
-  exists (SsaSourceVariable v,
-          ReachableBasicBlock defbb, int defidx,
-          ReachableBasicBlock usebb, int useidx |
-    def.definesAt(defbb, defidx, v) and usebb.useAt(useidx, v, use) |
-    defbb = usebb and defidx <= useidx or
+  exists(
+    SsaSourceVariable v, ReachableBasicBlock defbb, int defidx, ReachableBasicBlock usebb,
+    int useidx
+  |
+    def.definesAt(defbb, defidx, v) and usebb.useAt(useidx, v, use)
+  |
+    defbb = usebb and defidx <= useidx
+    or
     defbb.strictlyDominates(usebb)
   )
 }
 
 from VarUse u, SsaDefinition d
-where u.getVariable() instanceof SsaSourceVariable and
-      exists (ReachableBasicBlock bb | u = bb.getANode()) and
-      u = d.getVariable().getAUse() and
-      not dominates(d, u)
-select u, "Variable use is not dominated by its definition $@.", d, d.toString()
+where
+  u.getVariable() instanceof SsaSourceVariable and
+  exists(ReachableBasicBlock bb | u = bb.getANode()) and
+  u = d.getVariable().getAUse() and
+  not dominates(d, u)
+select u, "Variable use is not dominated by its definition $@.", d, d.toString()

javascript/ql/src/meta/SSA/MultipleDefs.ql

@@ -11,9 +11,10 @@
 import javascript
 
 from VarUse u, int n, SsaVariable v
-where u.getVariable() instanceof SsaSourceVariable and
-      exists (ReachableBasicBlock bb | u = bb.getANode()) and
-      n = count(u.getSsaVariable()) and
-      n > 1 and
-      v = u.getSsaVariable()
-select u, "Variable use has " + n + " corresponding SSA variables: $@.", v, v.toString()
+where
+  u.getVariable() instanceof SsaSourceVariable and
+  exists(ReachableBasicBlock bb | u = bb.getANode()) and
+  n = count(u.getSsaVariable()) and
+  n > 1 and
+  v = u.getSsaVariable()
+select u, "Variable use has " + n + " corresponding SSA variables: $@.", v, v.toString()

javascript/ql/src/meta/SSA/MultipleRefinementInputs.ql

@@ -10,7 +10,8 @@
 import javascript
 
 from SsaRefinementNode ref, int n, SsaDefinition input
-where n = count(ref.getAnInput()) and
-      n > 1 and
-      input = ref.getAnInput()
+where
+  n = count(ref.getAnInput()) and
+  n > 1 and
+  input = ref.getAnInput()
 select ref, "Refinement node has " + n + " inputs: $@.", input, input.toString()

javascript/ql/src/meta/SSA/NoDefs.ql

@@ -11,7 +11,8 @@
 import javascript
 
 from VarUse u
-where u.getVariable() instanceof SsaSourceVariable and
-      exists (ReachableBasicBlock bb | u = bb.getANode()) and
-      not exists(u.getSsaVariable())
-select u, "Variable use has no corresponding SSA variable."
+where
+  u.getVariable() instanceof SsaSourceVariable and
+  exists(ReachableBasicBlock bb | u = bb.getANode()) and
+  not exists(u.getSsaVariable())
+select u, "Variable use has no corresponding SSA variable."

javascript/ql/src/meta/Sanity.ql

@@ -16,10 +16,10 @@ import javascript
  */
 predicate exprWithoutEnclosingStmt(Expr e) {
   // Function names, parameters, default values and bodies do not have an enclosing statement.
-  exists (Function f | e = f.getAChild()) or
-  exists (Parameter p | e = p.getDefault()) or
+  exists(Function f | e = f.getAChild()) or
+  exists(Parameter p | e = p.getDefault()) or
   // Class members do not have enclosing statements.
-  exists (MemberDefinition md | e = md.getAChild()) or
+  exists(MemberDefinition md | e = md.getAChild()) or
   // If an expression's parent has no enclosing statement, then neither does the expression itself.
   exprWithoutEnclosingStmt(e.getParent()) or
   // Some expressions have non-expression parents that we want to skip over.
@@ -38,14 +38,27 @@ predicate exprWithoutEnclosingStmt(Expr e) {
  * `"3 results for toString()"`.
  */
 predicate uniqueness_error(int number, string what, string problem) {
-  (what = "toString" or what = "getLocation" or
-   what = "getTopLevel" or what = "getEnclosingStmt" or what = "getContainer" or what = "getEnclosingContainer" or
-   what = "getEntry" or what = "getExit" or what = "getFirstControlFlowNode" or
-   what = "getOuterScope" or what = "getScopeElement" or
-   what = "getBaseName" or what = "getOperator" or what = "getTest") and
-  (number = 0 and problem = "no results for " + what + "()"
-   or
-   number in [2 .. 10]  and problem = number.toString() + " results for " + what + "()")
+  (
+    what = "toString" or
+    what = "getLocation" or
+    what = "getTopLevel" or
+    what = "getEnclosingStmt" or
+    what = "getContainer" or
+    what = "getEnclosingContainer" or
+    what = "getEntry" or
+    what = "getExit" or
+    what = "getFirstControlFlowNode" or
+    what = "getOuterScope" or
+    what = "getScopeElement" or
+    what = "getBaseName" or
+    what = "getOperator" or
+    what = "getTest"
+  ) and
+  (
+    number = 0 and problem = "no results for " + what + "()"
+    or
+    number in [2 .. 10] and problem = number.toString() + " results for " + what + "()"
+  )
 }
 
 /**
@@ -54,33 +67,52 @@ predicate uniqueness_error(int number, string what, string problem) {
  * the violation, and `what` gives location information where possible.
  */
 predicate ast_sanity(string clsname, string problem, string what) {
-  exists (Locatable l | clsname = l.getAQlClass() |
-    uniqueness_error(count(l.toString()), "toString", problem) and what = "at " + l.getLocation() or
-    uniqueness_error(strictcount(l.getLocation()), "getLocation", problem) and what = l.getLocation().toString() or
+  exists(Locatable l | clsname = l.getAQlClass() |
+    uniqueness_error(count(l.toString()), "toString", problem) and what = "at " + l.getLocation()
+    or
+    uniqueness_error(strictcount(l.getLocation()), "getLocation", problem) and
+    what = l.getLocation().toString()
+    or
     not exists(l.getLocation()) and problem = "no location" and what = l.toString()
-  ) or
-  exists (ASTNode nd | clsname = nd.getAQlClass() |
-    uniqueness_error(count(nd.getTopLevel()), "getTopLevel", problem) and what = "at " + nd.getLocation()
-  ) or
-  exists (Expr e | clsname = e.getAQlClass() |
-    uniqueness_error(count(e.getContainer()), "getContainer", problem) and what = "at " + e.getLocation() or
-    (not exprWithoutEnclosingStmt(e) and
-     uniqueness_error(count(e.getEnclosingStmt()), "getEnclosingStmt", problem) and what = "at " + e.getLocation())
-  ) or
-  exists (Stmt s | clsname = s.getAQlClass() |
-    uniqueness_error(count(s.getContainer()), "getContainer", problem) and what = "at " + s.getLocation()
-  ) or
-  exists (StmtContainer cont | not cont instanceof TopLevel and clsname = cont.getAQlClass() |
-    uniqueness_error(count(cont.getEnclosingContainer()), "getEnclosingContainer", problem) and what = "at " + cont.getLocation()
-  ) or
-  exists (UnaryExpr ue | clsname = ue.getAQlClass() |
-    uniqueness_error(count(ue.getOperator()), "getOperator", problem) and what = "at " + ue.getLocation()
-  ) or
-  exists (UpdateExpr ue | clsname = ue.getAQlClass() |
-    uniqueness_error(count(ue.getOperator()), "getOperator", problem) and what = "at " + ue.getLocation()
-  ) or
-  exists (BinaryExpr be | clsname = be.getAQlClass() |
-    uniqueness_error(count(be.getOperator()), "getOperator", problem) and what = "at " + be.getLocation()
+  )
+  or
+  exists(ASTNode nd | clsname = nd.getAQlClass() |
+    uniqueness_error(count(nd.getTopLevel()), "getTopLevel", problem) and
+    what = "at " + nd.getLocation()
+  )
+  or
+  exists(Expr e | clsname = e.getAQlClass() |
+    uniqueness_error(count(e.getContainer()), "getContainer", problem) and
+    what = "at " + e.getLocation()
+    or
+    not exprWithoutEnclosingStmt(e) and
+    uniqueness_error(count(e.getEnclosingStmt()), "getEnclosingStmt", problem) and
+    what = "at " + e.getLocation()
+  )
+  or
+  exists(Stmt s | clsname = s.getAQlClass() |
+    uniqueness_error(count(s.getContainer()), "getContainer", problem) and
+    what = "at " + s.getLocation()
+  )
+  or
+  exists(StmtContainer cont | not cont instanceof TopLevel and clsname = cont.getAQlClass() |
+    uniqueness_error(count(cont.getEnclosingContainer()), "getEnclosingContainer", problem) and
+    what = "at " + cont.getLocation()
+  )
+  or
+  exists(UnaryExpr ue | clsname = ue.getAQlClass() |
+    uniqueness_error(count(ue.getOperator()), "getOperator", problem) and
+    what = "at " + ue.getLocation()
+  )
+  or
+  exists(UpdateExpr ue | clsname = ue.getAQlClass() |
+    uniqueness_error(count(ue.getOperator()), "getOperator", problem) and
+    what = "at " + ue.getLocation()
+  )
+  or
+  exists(BinaryExpr be | clsname = be.getAQlClass() |
+    uniqueness_error(count(be.getOperator()), "getOperator", problem) and
+    what = "at " + be.getLocation()
   )
 }
 
@@ -89,8 +121,9 @@ predicate ast_sanity(string clsname, string problem, string what) {
  * where `problem` describes the problem and `what` gives location information where possible.
  */
 predicate location_sanity(string clsname, string problem, string what) {
-  exists (Location l | clsname = l.getAQlClass() |
-    uniqueness_error(count(l.toString()), "toString", problem) and what = "at " + l or
+  exists(Location l | clsname = l.getAQlClass() |
+    uniqueness_error(count(l.toString()), "toString", problem) and what = "at " + l
+    or
     not exists(l.toString()) and problem = "no toString" and what = "a location"
   )
 }
@@ -98,9 +131,7 @@ predicate location_sanity(string clsname, string problem, string what) {
 /**
  * Holds if function or toplevel `sc` is expected to have an associated control flow graph.
  */
-predicate hasCFG(StmtContainer sc) {
-  not exists (Error err | err.getFile() = sc.getFile())
-}
+predicate hasCFG(StmtContainer sc) { not exists(Error err | err.getFile() = sc.getFile()) }
 
 /**
  * Holds if a contract involving the CFG structure is violated, where `clsname`
@@ -108,12 +139,15 @@ predicate hasCFG(StmtContainer sc) {
  * the violation, and `what` gives location information.
  */
 predicate cfg_sanity(string clsname, string problem, string what) {
-  exists (StmtContainer cont | clsname = cont.getAQlClass() and hasCFG(cont) |
-    uniqueness_error(count(cont.getEntry()), "getEntry", problem) and what = "at " + cont.getLocation() or
-    uniqueness_error(count(cont.getExit()), "getExit", problem) and what = "at " + cont.getLocation()
+  exists(StmtContainer cont | clsname = cont.getAQlClass() and hasCFG(cont) |
+    uniqueness_error(count(cont.getEntry()), "getEntry", problem) and
+    what = "at " + cont.getLocation()
+    or
+    uniqueness_error(count(cont.getExit()), "getExit", problem) and
+    what = "at " + cont.getLocation()
   )
   or
-  exists (ASTNode nd | clsname = nd.getAQlClass() and hasCFG(nd.getTopLevel()) |
+  exists(ASTNode nd | clsname = nd.getAQlClass() and hasCFG(nd.getTopLevel()) |
     uniqueness_error(count(nd.getFirstControlFlowNode()), "getFirstControlFlowNode", problem) and
     what = "at " + nd.getLocation()
   )
@@ -125,13 +159,19 @@ predicate cfg_sanity(string clsname, string problem, string what) {
  * the violation, and `what` gives location information.
  */
 predicate scope_sanity(string clsname, string problem, string what) {
-  exists (Scope s | clsname = s.getAQlClass() |
-    uniqueness_error(count(s.toString()), "toString", problem) and what = "a scope" or
+  exists(Scope s | clsname = s.getAQlClass() |
+    uniqueness_error(count(s.toString()), "toString", problem) and what = "a scope"
+    or
     not s instanceof GlobalScope and
-    (uniqueness_error(count(s.getOuterScope()), "getOuterScope", problem) and what = s.toString() or
-     uniqueness_error(count(s.getScopeElement()), "getScopeElement", problem) and what = s.toString())
-  ) or
-  exists (int n | n = count(GlobalScope g) and n != 1 |
+    (
+      uniqueness_error(count(s.getOuterScope()), "getOuterScope", problem) and what = s.toString()
+      or
+      uniqueness_error(count(s.getScopeElement()), "getScopeElement", problem) and
+      what = s.toString()
+    )
+  )
+  or
+  exists(int n | n = count(GlobalScope g) and n != 1 |
     clsname = "GlobalScope" and what = "" and problem = n + " instances"
   )
 }
@@ -141,7 +181,7 @@ predicate scope_sanity(string clsname, string problem, string what) {
  * where `problem` describes the problem and `what` is the empty string.
  */
 predicate jsdoc_sanity(string clsname, string problem, string what) {
-  exists (JSDocTypeExprParent jsdtep | clsname = jsdtep.getAQlClass() |
+  exists(JSDocTypeExprParent jsdtep | clsname = jsdtep.getAQlClass() |
     uniqueness_error(count(jsdtep.toString()), "toString", problem) and what = ""
   )
 }
@@ -151,7 +191,7 @@ predicate jsdoc_sanity(string clsname, string problem, string what) {
  * where `problem` describes the problem and `what` is the name of the variable.
  */
 predicate varref_sanity(string clsname, string problem, string what) {
-  exists (VarRef vr, int n | n = count(vr.getVariable()) and n != 1 |
+  exists(VarRef vr, int n | n = count(vr.getVariable()) and n != 1 |
     clsname = vr.getAQlClass() and
     what = vr.getName() and
     problem = n + " target variables instead of one"
@@ -159,10 +199,11 @@ predicate varref_sanity(string clsname, string problem, string what) {
 }
 
 from string clsname, string problem, string what
-where ast_sanity(clsname, problem, what) or
-      location_sanity(clsname, problem, what) or
-      scope_sanity(clsname, problem, what) or
-      cfg_sanity(clsname, problem, what) or
-      jsdoc_sanity(clsname, problem, what) or
-      varref_sanity(clsname, problem, what)
+where
+  ast_sanity(clsname, problem, what) or
+  location_sanity(clsname, problem, what) or
+  scope_sanity(clsname, problem, what) or
+  cfg_sanity(clsname, problem, what) or
+  jsdoc_sanity(clsname, problem, what) or
+  varref_sanity(clsname, problem, what)
 select clsname + " " + what + " has " + problem

javascript/ql/src/meta/analysis-quality/UnpromotedRouteHandlerCandidate.ql

@@ -7,11 +7,14 @@
  * @id js/unpromoted-route-handler-candidate
  * @tags analysis-quality
  */
+
 import javascript
 
 from HTTP::RouteHandlerCandidate rh
-where not rh instanceof HTTP::RouteHandler and
-      not exists (HTTP::RouteSetupCandidate setup |
-        rh.(DataFlow::TrackedNode).flowsTo(setup.getARouteHandlerArg())
-      )
-select rh, "A `RouteHandlerCandidate` that did not get promoted to `RouteHandler`, and it is not used in a `RouteSetupCandidate`."
+where
+  not rh instanceof HTTP::RouteHandler and
+  not exists(HTTP::RouteSetupCandidate setup |
+    rh.(DataFlow::TrackedNode).flowsTo(setup.getARouteHandlerArg())
+  )
+select rh,
+  "A `RouteHandlerCandidate` that did not get promoted to `RouteHandler`, and it is not used in a `RouteSetupCandidate`."

javascript/ql/src/meta/analysis-quality/UnpromotedRouteSetupCandidate.ql

@@ -7,11 +7,14 @@
  * @id js/unpromoted-route-setup-candidate
  * @tags analysis-quality
  */
+
 import javascript
 
 from HTTP::RouteSetupCandidate setup
-where not setup.asExpr() instanceof HTTP::RouteSetup and
-      exists (HTTP::RouteHandlerCandidate rh |
-        rh.(DataFlow::TrackedNode).flowsTo(setup.getARouteHandlerArg())
-      )
-select setup, "A `RouteSetupCandidate` that did not get promoted to `RouteSetup`, and it is using at least one `RouteHandlerCandidate`."
+where
+  not setup.asExpr() instanceof HTTP::RouteSetup and
+  exists(HTTP::RouteHandlerCandidate rh |
+    rh.(DataFlow::TrackedNode).flowsTo(setup.getARouteHandlerArg())
+  )
+select setup,
+  "A `RouteSetupCandidate` that did not get promoted to `RouteSetup`, and it is using at least one `RouteHandlerCandidate`."