From 3804d3fcfdaeed6c2ecb6b250ae1f6561fc00e32 Mon Sep 17 00:00:00 2001
From: Asger Feldthaus <asgerf@github.com>
Date: Thu, 2 Apr 2020 13:21:34 +0100
Subject: [PATCH] JS: Remove Import->SourceNode dependency from lazy cache

---
 .../javascript/frameworks/LazyCache.qll       | 35 +++++++++++++++++--
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll b/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
index b8c1c1e0c1f..0477c14acac 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/LazyCache.qll
@@ -6,8 +6,11 @@ import javascript
 
 module LazyCache {
   /**
+   * DEPRECATED. DO NOT USE.
+   *
    * A lazy-cache object, usually created through an expression of form `require('lazy-cache')(require)`.
    */
+  deprecated
   class LazyCacheObject extends DataFlow::SourceNode {
     LazyCacheObject() {
       // Use `require` directly instead of `moduleImport` to avoid recursion.
@@ -19,13 +22,26 @@ module LazyCache {
     }
   }
 
+  /**
+   * A variable containing a lazy-cache object.
+   */
+  class LazyCacheVariable extends LocalVariable {
+    LazyCacheVariable() {
+      // To avoid recursion, this should not depend on `SourceNode`.
+      exists(Require req |
+        req.getArgument(0).getStringValue() = "lazy-cache" and
+        getAnAssignedExpr().(CallExpr).getCallee() = req
+      )
+    }
+  }
+
   /**
    * An import through `lazy-cache`.
    */
   class LazyCacheImport extends CallExpr, Import {
-    LazyCacheObject cache;
+    LazyCacheVariable cache;
 
-    LazyCacheImport() { this = cache.getACall().asExpr() }
+    LazyCacheImport() { getCallee() = cache.getAnAccess() }
 
     /** Gets the name of the package as it's exposed on the lazy-cache object. */
     string getLocalAlias() {
@@ -39,10 +55,23 @@ module LazyCache {
 
     override PathExpr getImportedPath() { result = getArgument(0) }
 
+    private LazyCacheVariable getVariable() {
+      result = cache
+    }
+
+    pragma[noopt]
     override DataFlow::Node getImportedModuleNode() {
+      this instanceof LazyCacheImport and
       result = this.flow()
       or
-      result = cache.getAPropertyRead(getLocalAlias())
+      exists(LazyCacheVariable variable, Expr base, PropAccess access, string localName |
+        variable = getVariable() and
+        base = variable.getAnAccess() and
+        access.getBase() = base and
+        localName = getLocalAlias() and
+        access.getPropertyName() = localName and
+        result = access.flow()
+      )
     }
   }