Apply changes from review sync

refactor remoteflowsources

Author: knewbury01

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll

@@ -345,23 +345,30 @@ class HandlerRegistration extends MethodCallNode {
   predicate isAfter() { methodName = "after" }
 }
 
+/**
+ * A parameter of a handler
+ */
+class HandlerParameter instanceof ParameterNode {
+  Handler handler;
+
+  HandlerParameter() { this = handler.getParameter(0) }
+
+  Handler getHandler() { result = handler }
+
+  string toString() { result = super.toString() }
+}
+
 /**
  * The handler that implements a service's logic to deal with the incoming request or message when a certain event is fired.
  * It is the last argument to the method calls that registers the handler: either `srv.before`, `srv.on`, or `srv.after`.
  * Its first parameter is of type `cds.Event` and handles the event in an asynchronous manner,
  * or is of type `cds.Request` and handles the event synchronously.
  */
 class Handler extends FunctionNode {
-  UserDefinedApplicationService srv;
   HandlerRegistration handlerRegistration;
 
   Handler() { this = handlerRegistration.getAnArgument() }
 
-  /**
-   * Gets the service registering this handler.
-   */
-  UserDefinedApplicationService getDefiningService() { result = srv }
-
   /**
    * Gets a name of one of the event this handler is registered for.
    */
@@ -376,6 +383,8 @@ class Handler extends FunctionNode {
    * Gets the request that this handler is registered for, as represented as its first parameter.
    */
   CdsRequest getRequest() { result = this.getParameter(0) }
+
+  HandlerRegistration getHandlerRegistration() { result = handlerRegistration }
 }
 
 class CdsRequest extends ParameterNode {
@@ -823,7 +832,7 @@ class HandlerParameterData instanceof PropRead {
   string dataName;
 
   HandlerParameterData() {
-    this = handlerParameter.getAPropertyRead("data").getAPropertyRead(dataName)
+    this = handlerParameter.(SourceNode).getAPropertyRead("data").getAPropertyRead(dataName)
   }
 
   /**
@@ -842,7 +851,7 @@ class HandlerParameterData instanceof PropRead {
       CdlActionOrFunction cdlActionOrFunction, HandlerRegistration handlerRegistration
     |
       handlerRegistration = userDefinedApplicationService.getAHandlerRegistration() and
-      handlerRegistration = handlerParameter.getHandlerRegistration() and
+      handlerRegistration = handlerParameter.getHandler().getHandlerRegistration() and
       handlerRegistration.getAnEventName() = cdlActionOrFunction.getUnqualifiedName() and
       cdlActionOrFunction =
         userDefinedApplicationService.getCdsDeclaration().getAnActionOrFunction() and

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll

@@ -2,134 +2,29 @@ import javascript
 import advanced_security.javascript.frameworks.cap.CDS
 
 /**
- * A parameter of a handler registered for a service on an event. e.g.
- * ```javascript
- * this.on("SomeEvent", "SomeEntity", (req) => { ... });
- * this.before("SomeEvent", "SomeEntity", (req, next) => { ... }); // only `req` is captured
- * SomeService.on("SomeEvent", "SomeEntity", (msg) => { ... });
- * SomeService.after("SomeEvent", "SomeEntity", (msg) => { ... });
+ * Either a service is known and is exposed
+ * or
+ * there is a handler parameter that is not connected to a service
+ * possibly due to cds compilation failure
+ * or non explicit service references in source
+ * for example:
  * ```
- * All the parameters named `req` and `msg` are captured in the above example.
- *
- * This REQUIRES that a `UserDefinedApplicationService` is explicitly defined.
- */
-class HandlerParameter extends ParameterNode, RemoteFlowSource {
-  Handler handler;
-  HandlerRegistration handlerRegistration;
-
-  HandlerParameter() {
-    exists(UserDefinedApplicationService service |
-      handler = handlerRegistration.getHandler() and
-      this = handler.getParameter(0) and
-      service.getAHandlerRegistration() = handlerRegistration and
-      service.isExposed()
-    )
-  }
-
-  override string getSourceType() {
-    result = "Parameter of an event handler belonging to an exposed service"
-  }
-
-  /**
-   * Gets the handler this is a parameter of.
-   */
-  Handler getHandler() { result = handler }
-
-  /**
-   * Gets the handler registration registering the handler it is a parameter of.
-   */
-  HandlerRegistration getHandlerRegistration() { result = handlerRegistration }
-}
-
-/**
- * A service may be described only in a CDS file, but event handlers may still be registered in a format such as:
- * ```javascript
- * module.exports = srv => {
- *   srv.before('CREATE', 'Media', req => { // an entity name is used to describe which to register this handler to.
- *     ...
- *   });
- * }
- * ```
- * parameters named `req` are captured in the above example.
- *
- * This REQUIRES that a CDS file has successfully compiled
- * AND that a service name is explicitly provided in the handler registration.
- */
-class ServiceinCDSHandlerParameterWithName extends ParameterNode, RemoteFlowSource {
-  ServiceinCDSHandlerParameterWithName() {
-    exists(MethodCallNode m, CdlEntity entity, string entityName |
-      entity.getName().regexpReplaceAll(".*\\.", "") = entityName and
-      (
-        m.getArgument(1).asExpr().getStringValue().regexpReplaceAll("'", "") = entityName
-        or
-        m.getArgument(1).asExpr().(ArrayExpr).getAnElement().toString() = entityName
-      ) and
-      this = m.getArgument(m.getNumArgument() - 1).(FunctionNode).getParameter(0) and
-      m.getMethodName() in ["on", "before", "after"]
-    )
-  }
-
-  override string getSourceType() {
-    result = "Parameter of an event handler belonging to an exposed service defined in a cds file"
-  }
-}
-
-/**
- * A parameter of a handler registered for a service on an event. e.g.
- * ```javascript
  * cds.serve('./test-service').with((srv) => {
- *   srv.before('READ', '*', (req) => req.reply([]))
+ *    srv.after('READ', req => req.target.data) //req
  * })
  * ```
- * The parameter named `req` is captured in the above example.
- *
- * This DOES NOT REQUIRE that a `UserDefinedApplicationService` is explicitly defined and
- * this also DOES NOT REQUIRE that the name is provided explicitly.
  */
-class HandlerParameterImplicitService extends ParameterNode, RemoteFlowSource {
-  Handler handler;
-  HandlerRegistration handlerRegistration;
-
-  HandlerParameterImplicitService() {
-    exists(ServiceInstanceFromServeWithParameter service |
-      handler = handlerRegistration.getHandler() and
-      this = handler.getParameter(0) and
-      service.getAHandlerRegistration() = handlerRegistration and
-      /*
-       * this will otherwise duplicate on the case where we do actually know the
-       * name from the cds file and it matches up
-       * example:
-       * ```
-       * srv.before('READ', 'Service1', (req) => req.reply([]))
-       * ```
-       * where Service1 is also defined in:
-       * Service1.cds
-       * ```
-       * {
-       *   "namespace": "sap.capire.test",
-       *   "definitions": {
-       *     "sap.capire.test.Test": {
-       *       "kind": "entity",
-       * ...
-       * ```
-       * only relevant if you are using the specific type anyhow (as opposed to RemoteFlowSource)
-       */
-
-      not this instanceof ServiceinCDSHandlerParameterWithName
-    )
+class HandlerParameterOfExposedService extends RemoteFlowSource, HandlerParameter {
+  HandlerParameterOfExposedService() {
+    this.getHandler().getHandlerRegistration().getService().getDefinition().isExposed()
+    or
+    /* no precise service definition is known */
+    not exists(this.getHandler().getHandlerRegistration().getService().getDefinition())
   }
 
+  override string toString() { result = HandlerParameter.super.toString() }
+
   override string getSourceType() {
-    result = "Parameter of an event handler belonging to an implicitly defined service"
+    result = "Parameter of an event handler belonging to an exposed service"
   }
-
-  /**
-   * Gets the handler this is a parameter of.
-   */
-  Handler getHandler() { result = handler }
-
-  /**
-   * Gets the handler registration registering the handler it is a parameter of.
-   */
-  HandlerRegistration getHandlerRegistration() { result = handlerRegistration }
 }