Updated getAServer with API graphs.

Napalys · Napalys · commit 742d33dca42d · 2025-04-04T09:34:43.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll
@@ -218,19 +218,19 @@ module ServerWebSocket {
   /**
    * Gets a server created by a library named `library`.
    */
-  DataFlow::SourceNode getAServer(LibraryName library) {
+  API::InvokeNode getAServer(LibraryName library) {
     library = ws() and
-    result = DataFlow::moduleImport("ws").getAConstructorInvocation("Server")
+    result = API::moduleImport("ws").getMember("Server").getAnInvocation()
     or
     library = sockjs() and
-    result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer")
+    result = API::moduleImport("sockjs").getMember("createServer").getAnInvocation()
   }
 
   /**
    * Gets a `socket.on("connection", (msg, req) => {})` call.
    */
   private DataFlow::CallNode getAConnectionCall(LibraryName library) {
-    result = getAServer(library).getAMemberCall(EventEmitter::on()) and
+    result = getAServer(library).getReturn().getMember(EventEmitter::on()).getACall() and
     result.getArgument(0).mayHaveStringValue("connection")
   }
 
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js
@@ -3,21 +3,21 @@ const { MyWebSocketServer, myWebSocketServerInstance } = require('./server.js');
 (function () {
 	const wss = new MyWebSocketServer({ port: 8080 });
 
-	wss.on('connection', function connection(ws) { // $ MISSING: serverSocket
-		ws.on('message', function incoming(message) { // $ MISSING: remoteFlow
+	wss.on('connection', function connection(ws) { // $ serverSocket
+		ws.on('message', function incoming(message) { // $ remoteFlow
 			console.log('received: %s', message);
-		}); // $ MISSING: serverReceive
+		}); // $ serverReceive
 
-		ws.send('Hi from server!'); // $ MISSING: serverSend
+		ws.send('Hi from server!'); // $ serverSend
 	});
 })();
 
 (function () {
-	myWebSocketServerInstance.on('connection', function connection(ws) { // $ MISSING: serverSocket
-		ws.on('message', function incoming(message) { // $ MISSING: remoteFlow
+	myWebSocketServerInstance.on('connection', function connection(ws) { // $ serverSocket
+		ws.on('message', function incoming(message) { // $ remoteFlow
 			console.log('received: %s', message);
-		}); // $ MISSING: serverReceive
+		}); // $ serverReceive
 
-		ws.send('Hi from server!'); // $ MISSING: serverSend
+		ws.send('Hi from server!'); // $ serverSend
 	});
 })();
diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected
@@ -40,17 +40,55 @@ flowSteps
 | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS |
 | browser-custom.js:1:33:1:51 | myWebSocketInstance | browser-custom.js:1:33:1:51 | myWebSocketInstance |
 | browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance |
+| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message |
+| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message |
 | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message |
 | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message |
+| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message |
+| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message |
 | browser-custom.js:39:34:39:51 | 'Hi from browser!' | server.js:7:38:7:44 | message |
 | browser-custom.js:54:31:54:36 | 'test' | sockjs.js:9:31:9:37 | message |
+| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message |
+| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message |
 | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message |
 | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message |
+| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message |
+| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message |
 | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message |
+| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:7:38:7:44 | message |
+| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:17:38:17:44 | message |
 | client-custom.js:17:30:17:46 | 'Hi from client!' | server.js:7:38:7:44 | message |
+| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message |
+| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message |
 | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message |
 | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS |
 | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:27:26:27:31 | e.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:58:32:58:37 | e.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:25:26:25:31 | e.data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data |
+| server-custom.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:27:26:27:31 | e.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:58:32:58:37 | e.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:25:26:25:31 | e.data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data |
+| server-custom.js:21:11:21:27 | 'Hi from server!' | client.js:10:37:10:40 | data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data |
 | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:27:26:27:31 | e.data |
@@ -77,14 +115,22 @@ flowSteps
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data |
 | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data |
 remoteFlow
+| server-custom.js:7:38:7:44 | message |
+| server-custom.js:17:38:17:44 | message |
 | server.js:7:38:7:44 | message |
 | sockjs.js:9:31:9:37 | message |
 serverReceive
+| server-custom.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) |
+| server-custom.js:17:3:19:4 | ws.on(' ... );\\n\\t\\t}) |
 | server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) |
 | sockjs.js:9:5:12:6 | conn.on ... \\n    }) |
 serverSend
+| server-custom.js:11:3:11:28 | ws.send ... rver!') |
+| server-custom.js:21:3:21:28 | ws.send ... rver!') |
 | server.js:11:3:11:28 | ws.send ... rver!') |
 | sockjs.js:11:9:11:51 | conn.wr ... test))) |
 serverSocket
+| server-custom.js:6:43:6:44 | ws |
+| server-custom.js:16:65:16:66 | ws |
 | server.js:6:43:6:44 | ws |
 | sockjs.js:8:40:8:43 | conn |
