From 6897dda6145ac71d71b2a1b71f8df72daad4450a Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Thu, 23 Apr 2020 13:47:58 +0200
Subject: [PATCH] model that `this` in $().each(callback) is a DOM-node

---
 javascript/ql/src/semmle/javascript/DOM.qll | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/javascript/ql/src/semmle/javascript/DOM.qll b/javascript/ql/src/semmle/javascript/DOM.qll
index fcce5a4759f..6d3e1cf8758 100644
--- a/javascript/ql/src/semmle/javascript/DOM.qll
+++ b/javascript/ql/src/semmle/javascript/DOM.qll
@@ -305,6 +305,14 @@ module DOM {
 call.getNumArgument() = 1 and
 forex(InferredType t | t = call.getArgument(0).analyze().getAType() | t = TTNumber())
 )
+ or
+ // A `this` node from a callback given to a `$().each(callback)` call.
+ exists(DataFlow::MethodCallNode eachCall |
+ eachCall.getMethodName() = "each" and
+ eachCall.getReceiver().getALocalSource() = JQuery::objectRef() // purposely not using JQuery::MethodCall to avoid `jquery.each()`.
+ |
+ this = DataFlow::thisNode(eachCall.getCallback(0).getFunction())
+ )
 }
 }
 }
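Review bot: The added disjunct recognises only `this` inside the `.each` callback, but jQuery also passes the same element as the callback's second argument (`function (index, element)`), so a handler that works on `element` would still not be treated as a DOM node and any DOM-based query relying on this model would presumably miss it. If that case is meant to be covered, a sibling disjunct such as `this = eachCall.getCallback(0).getParameter(1)` inside the same `exists` looks like the natural extension; the exact API should be confirmed against the DataFlow library. It is also worth confirming that an arrow-function callback, whose `this` is lexical rather than the iterated element, does not produce a node through `DataFlow::thisNode(...)`. The diffstat shows only DOM.qll changing, so nothing pins the new behaviour or the deliberate `jquery.each()` exclusion named in the trailing comment; a small library test covering both would keep that exclusion from regressing. The enclosing predicate starts above the hunk, so which class this disjunct extends is not visible here.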