JavaScript: Fix modelling of Buffer base64 encoders and decoders.

javascript/ql/src/semmle/javascript/Base64.qll

@@ -97,23 +97,11 @@ private class Atob extends Base64::Decode::Range, DataFlow::CallNode {
   override DataFlow::Node getOutput() { result = this }
 }
 
-/** A call to `Buffer.from` with encoding `base64`. */
-private class Buffer_from extends Base64::Encode::Range, DataFlow::CallNode {
-  Buffer_from() {
-    this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
-    getArgument(1).mayHaveStringValue("base64")
-  }
-
-  override DataFlow::Node getInput() { result = getArgument(0) }
-
-  override DataFlow::Node getOutput() { result = this }
-}
-
 /**
  * A call to `Buffer.prototype.toString` with encoding `base64`, approximated by
  * looking for calls to `toString` where the first argument is the string `"base64"`.
  */
-private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCallNode {
+private class Buffer_toString extends Base64::Encode::Range, DataFlow::MethodCallNode {
   Buffer_toString() {
     getMethodName() = "toString" and
     getArgument(0).mayHaveStringValue("base64")
@@ -124,6 +112,18 @@ private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCal
   override DataFlow::Node getOutput() { result = this }
 }
 
+/** A call to `Buffer.from` with encoding `base64`. */
+private class Buffer_from extends Base64::Decode::Range, DataFlow::CallNode {
+  Buffer_from() {
+    this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
+    getArgument(1).mayHaveStringValue("base64")
+  }
+
+  override DataFlow::Node getInput() { result = getArgument(0) }
+
+  override DataFlow::Node getOutput() { result = this }
+}
+
 /**
  * A call to a base64 encoding function from one of the npm packages
  * `base-64`, `js-base64`, `Base64`, or `base64-js`.