Merge pull request #8297 from erik-krogh/atmPerf

JS: Fix ATM timeout on NodeJS

Author: tiferet

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll

@@ -120,13 +120,17 @@ predicate isBaseAdditionalFlowStep(
 }
 
 /**
+ * Gets a value that is (transitively) written to `query`, where `query` is a NoSQL sink.
+ *
  * This predicate allows us to propagate data flow through property writes and array constructors
  * within a query object, enabling the security query to pick up NoSQL injection vulnerabilities
  * involving more complex queries.
  */
 DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) {
+  any(NosqlInjectionATMConfig cfg).isEffectiveSink(query) and
   exists(DataFlow::SourceNode receiver |
-    receiver.flowsTo(getASubexpressionWithinQuery*(query.getALocalSource())) and
+    receiver = [getASubexpressionWithinQuery(query), query].getALocalSource()
+  |
     result =
       [receiver.getAPropertyWrite().getRhs(), receiver.(DataFlow::ArrayCreationNode).getAnElement()]
   )

javascript/ql/lib/semmle/javascript/frameworks/Testing.qll

@@ -39,12 +39,14 @@ class BDDTest extends Test, @call_expr {
 }
 
 /**
- * Gets the test file for `f` with stem extension `stemExt`.
- * That is, a file named file named `<base>.<stemExt>.<ext>` in the
+ * Gets the test file for `f` with stem extension `stemExt`, where `stemExt` is "test" or "spec".
+ * That is, a file named `<base>.<stemExt>.<ext>` in the
  * same directory as `f` which is named `<base>.<ext>`.
  */
-bindingset[stemExt]
+pragma[noinline]
 File getTestFile(File f, string stemExt) {
+  stemExt = ["test", "spec"] and
+  result.getBaseName().regexpMatch(".*\\.(test|spec)\\..*") and
   result = f.getParentContainer().getFile(f.getStem() + "." + stemExt + "." + f.getExtension())
 }