Revert "JS: More robust hasUnderlyingType"

This reverts commit 3e5dc1efb7.
Revert "JavaScript: Model chaining calls in sqlite3."
2026-05-16 04:09:27 +02:00 · 2021-07-21 11:31:38 +01:00 · 2021-07-21 11:28:53 +01:00
9 changed files with 5 additions and 32 deletions
--- a/javascript/change-notes/2021-05-10-sqlite3-chaining.md
+++ b/javascript/change-notes/2021-05-10-sqlite3-chaining.md
@@ -1,3 +0,0 @@
-lgtm,codescanning
-* Modelling of chaining methods in the `sqlite3` package has improved, which may lead to
-  additional results from the `js/sql-injection` query.
--- a/javascript/ql/src/semmle/javascript/TypeScript.qll
+++ b/javascript/ql/src/semmle/javascript/TypeScript.qll
@@ -725,7 +725,7 @@ class TypeAccess extends @typeaccess, TypeExpr, TypeRef {
      spec.getImportedName() = exportedName and
      this = spec.getLocal().(TypeDecl).getLocalTypeName().getAnAccess()
      or
-      (spec instanceof ImportNamespaceSpecifier or spec instanceof ImportDefaultSpecifier) and
+      spec instanceof ImportNamespaceSpecifier and
      this =
        spec.getLocal().(LocalNamespaceDecl).getLocalNamespaceName().getAMemberAccess(exportedName)
    )
--- a/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
@@ -239,6 +239,7 @@ module DataFlow {
    private TypeAnnotation getFallbackTypeAnnotation() {
      exists(BindingPattern pattern |
        this = valueNode(pattern) and
+        not ast_node_type(pattern, _) and
        result = pattern.getTypeAnnotation()
      )
      or
--- a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -341,28 +341,18 @@ private module Sqlite {
    result = sqlite().getMember("verbose").getReturn()
  }

-  /** Gets an expression that constructs or returns a Sqlite database instance. */
+  /** Gets an expression that constructs a Sqlite database instance. */
  API::Node database() {
    // new require('sqlite3').Database()
    result = sqlite().getMember("Database").getInstance()
    or
-    // chained call
-    result = getAChainingQueryCall()
-    or
    result = API::Node::ofType("sqlite3", "Database")
  }

-  /** A call to a query method on a Sqlite database instance that returns the same instance. */
-  private API::Node getAChainingQueryCall() {
-    result = database().getMember(["all", "each", "exec", "get", "run"]).getReturn()
-  }
-
  /** A call to a Sqlite query method. */
  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
    QueryCall() {
-      this = getAChainingQueryCall().getAnImmediateUse()
-      or
-      this = database().getMember("prepare").getACall()
+      this = database().getMember(["all", "each", "exec", "get", "prepare", "run"]).getACall()
    }

    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
--- a/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/HasUnderlyingType.expected
+++ b/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/HasUnderlyingType.expected
@@ -1,6 +1,2 @@
-underlyingTypeNode
-| foo | Bar | foo.ts:3:1:5:1 | use (instance (member Bar (member exports (module foo)))) |
-| foo | Bar | foo.ts:3:12:3:12 | use (instance (member Bar (member exports (module foo)))) |
-#select
 | tst.ts:8:14:8:16 | arg | Base in global scope |
 | tst.ts:8:14:8:16 | arg | Sub in global scope |
--- a/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/HasUnderlyingType.ql
+++ b/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/HasUnderlyingType.ql
@@ -3,7 +3,3 @@ import javascript
 from Expr e, TypeName typeName
 where e.getType().hasUnderlyingTypeName(typeName)
 select e, typeName
-
-query API::Node underlyingTypeNode(string mod, string name) {
-  result = API::Node::ofType(mod, name)
-}
--- a/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/foo.ts
+++ b/javascript/ql/test/library-tests/TypeScript/HasUnderlyingType/foo.ts
@@ -1,5 +0,0 @@
-import foo from "foo";
-
-function f(x: foo.Bar) {
-  return x;
-}
--- a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -66,6 +66,5 @@
 | spannerImport.js:4:8:4:17 | "SQL code" |
 | sqlite-types.ts:4:12:4:49 | "UPDATE ... id = ?" |
 | sqlite.js:7:8:7:45 | "UPDATE ... id = ?" |
-| sqlite.js:8:8:8:45 | "UPDATE ... id = ?" |
 | sqliteArray.js:6:12:6:49 | "UPDATE ... id = ?" |
 | sqliteImport.js:2:8:2:44 | "UPDATE ... id = ?" |
--- a/javascript/ql/test/library-tests/frameworks/SQL/sqlite.js
+++ b/javascript/ql/test/library-tests/frameworks/SQL/sqlite.js
@@ -4,7 +4,6 @@
 var sqlite = require('sqlite3');

 var db = new sqlite.Database(":memory:");
-db.run("UPDATE tbl SET name = ? WHERE id = ?", "bar", 2)
-  .run("UPDATE tbl SET name = ? WHERE id = ?", "foo", 3);
+db.run("UPDATE tbl SET name = ? WHERE id = ?", "bar", 2);

 exports.db = db;
Author	SHA1	Message	Date
Max Schaefer	152b290bdf	Revert "JS: More robust hasUnderlyingType" This reverts commit `3e5dc1efb7`.	2021-07-21 11:31:38 +01:00
Max Schaefer	044c759682	Revert "JavaScript: Model chaining calls in sqlite3." This reverts commit `8f91e9eba0`.	2021-07-21 11:28:53 +01:00