From b12e255fd8ff8b3358feb24a4320de094bb1445a Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Tue, 29 Oct 2019 11:45:54 +0100
Subject: [PATCH] add indirect calls to logging methods as logging methods

---
 .../semmle/javascript/frameworks/Logging.qll  | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/javascript/ql/src/semmle/javascript/frameworks/Logging.qll b/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
index 28e7b833c69..b8de5f09cbd 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
@@ -62,7 +62,40 @@ private module Console {
       then result = getArgument([1 .. getNumArgument()])
       else result = getAnArgument()
     }
+
+    /**
+     * Gets the name of the console logging method, e.g. "log", "error", "assert", etc.
+     */
+    string getName() {
+      result = name
+    }
   }
+
+ /**
+  * A call to a function that forwards all arguments to some console logging mechanism.
+  * The called function contain a single statement similar to: `console.log.apply(this, arguments)`.
+  */
+ class IndirectConsoleLoggerCall extends LoggerCall {
+   ConsoleLoggerCall consoleCall;
+   DataFlow::MethodCallNode applyCall;
+
+   IndirectConsoleLoggerCall() {
+     forex(Function f | f = this.getACallee() |
+       f.getNumBodyStmt() = 1 and
+       consoleCall.getContainer() = f and
+       applyCall.getContainer() = f and
+       applyCall.getMethodName() = "apply" and
+       applyCall.getReceiver() = consoleCall.getCalleeNode() and
+       applyCall.getArgument(1).asExpr().(VarAccess).getName() = "arguments"
+     )
+   }
+
+   override DataFlow::Node getAMessageComponent() {
+      if consoleCall.getName() = "assert"
+      then result = getArgument([1 .. getNumArgument()])
+      else result = getAnArgument()
+   }
+ }
 }
 
 /**