change ServerDefinition to a DataFlow::Node

Author: erik-krogh

javascript/ql/lib/semmle/javascript/frameworks/Connect.qll

@@ -10,10 +10,10 @@ module Connect {
   /**
    * An expression that creates a new Connect server.
    */
-  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, CallExpr {
+  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, DataFlow::CallNode {
     ServerDefinition() {
       // `app = connect()`
-      this = DataFlow::moduleImport("connect").getAnInvocation().asExpr()
+      this = DataFlow::moduleImport("connect").getAnInvocation()
     }
   }
 
@@ -69,7 +69,7 @@ module Connect {
         server.ref().flowsToExpr(getReceiver())
         or
         // app.use(...).use(fun)
-        this.getReceiver().(RouteSetup).getServer() = server
+        this.getReceiver().(RouteSetup).getServer() = server.asExpr()
       )
     }
 
@@ -84,7 +84,7 @@ module Connect {
       exists(DataFlow::TypeBackTracker t2 | result = getARouteHandler(t2).backtrack(t2, t))
     }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
 
     /** Gets an argument that represents a route handler being registered. */
     Expr getARouteHandlerExpr() { result = getAnArgument() }

javascript/ql/lib/semmle/javascript/frameworks/Express.qll

@@ -199,7 +199,10 @@ module Express {
       )
     }
 
-    override Expr getServer() { result.(Application).getARouteHandler() = this.getARouteHandler() }
+    override Expr getServer() {
+      any(DataFlow::Node n | n.asExpr() = result).(Application).getARouteHandler() =
+        this.getARouteHandler()
+    }
 
     /**
      * Gets the HTTP request type this is registered for, if any.
@@ -823,20 +826,21 @@ module Express {
    * An Express server application.
    */
   private class Application extends HTTP::ServerDefinition {
-    Application() { this = appCreation().asExpr() }
+    Application() { this = appCreation() }
 
     /**
      * Gets a route handler of the application, regardless of nesting.
      */
     override HTTP::RouteHandler getARouteHandler() {
-      result = this.(RouterDefinition).getASubRouter*().getARouteHandler()
+      result = this.asExpr().(RouterDefinition).getASubRouter*().getARouteHandler()
     }
   }
 
   /**
    * An Express router.
    */
   class RouterDefinition extends InvokeExpr {
+    // TODO: DataFlow::Node
     RouterDefinition() { this = routerCreation().asExpr() }
 
     private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {

javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll

@@ -18,9 +18,7 @@ module Fastify {
    * A standard way to create a Fastify server.
    */
   class StandardServerDefinition extends ServerDefinition {
-    StandardServerDefinition() {
-      this = DataFlow::moduleImport("fastify").getAnInvocation().asExpr()
-    }
+    StandardServerDefinition() { this = DataFlow::moduleImport("fastify").getAnInvocation() }
   }
 
   /** Gets a data flow node referring to a fastify server. */
@@ -139,7 +137,7 @@ module Fastify {
     string methodName;
 
     RouteSetup() {
-      this = server(server.flow()).getAMethodCall(methodName).asExpr() and
+      this = server(server).getAMethodCall(methodName).asExpr() and
       methodName = ["route", "get", "head", "post", "put", "delete", "options", "patch"]
     }
 
@@ -154,7 +152,7 @@ module Fastify {
       exists(DataFlow::TypeBackTracker t2 | result = this.getARouteHandler(t2).backtrack(t2, t))
     }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
 
     /** Gets an argument that represents a route handler being registered. */
     DataFlow::Node getARouteHandlerExpr() {

javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll

@@ -174,7 +174,7 @@ module HTTP {
   /**
    * An expression that creates a new server.
    */
-  abstract class ServerDefinition extends Expr {
+  abstract class ServerDefinition extends DataFlow::Node {
     /**
      * Gets a route handler of the server.
      */
@@ -242,7 +242,7 @@ module HTTP {
   /**
    * An expression that sets up a route on a server.
    */
-  abstract class RouteSetup extends Expr { }
+  abstract class RouteSetup extends Expr { } // TODO: DataFlow::Node
 
   /**
    * An expression that may contain a request object.
@@ -275,11 +275,13 @@ module HTTP {
      * A standard server definition.
      */
     abstract class StandardServerDefinition extends ServerDefinition {
-      override RouteHandler getARouteHandler() { result.(StandardRouteHandler).getServer() = this }
+      override RouteHandler getARouteHandler() {
+        result.(StandardRouteHandler).getServer() = this.asExpr()
+      }
 
       private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
         t.start() and
-        result = DataFlow::exprNode(this)
+        result = this.getALocalSource()
         or
         exists(DataFlow::TypeTracker t2 | result = this.ref(t2).track(t2, t))
       }
@@ -307,6 +309,7 @@ module HTTP {
        * Gets the server this route handler is registered on.
        */
       Expr getServer() {
+        // TODO: DataFlow::Node
         exists(StandardRouteSetup setup | setup.getARouteHandler() = this |
           result = setup.getServer()
         )
@@ -411,7 +414,7 @@ module HTTP {
       /**
        * Gets the server on which this route setup sets up routes.
        */
-      abstract Expr getServer();
+      abstract Expr getServer(); // TODO: DataFlow::Node
     }
 
     /**

javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll

@@ -9,10 +9,10 @@ module Hapi {
   /**
    * An expression that creates a new Hapi server.
    */
-  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, NewExpr {
+  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, DataFlow::NewNode {
     ServerDefinition() {
       // `server = new Hapi.Server()`
-      this = DataFlow::moduleMember("hapi", "Server").getAnInstantiation().asExpr()
+      this = DataFlow::moduleMember("hapi", "Server").getAnInstantiation()
     }
   }
 
@@ -219,7 +219,7 @@ module Hapi {
 
     Expr getRouteHandlerExpr() { result = handler }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
   }
 
   /**

javascript/ql/lib/semmle/javascript/frameworks/Koa.qll

@@ -9,10 +9,10 @@ module Koa {
   /**
    * An expression that creates a new Koa application.
    */
-  class AppDefinition extends HTTP::Servers::StandardServerDefinition, InvokeExpr {
+  class AppDefinition extends HTTP::Servers::StandardServerDefinition, DataFlow::InvokeNode {
     AppDefinition() {
       // `app = new Koa()` / `app = Koa()`
-      this = DataFlow::moduleImport("koa").getAnInvocation().asExpr()
+      this = DataFlow::moduleImport("koa").getAnInvocation()
     }
   }
 
@@ -401,7 +401,7 @@ module Koa {
       result.(RouteHandler).getARouteHandlerRegistrationObject().flowsToExpr(this.getArgument(0))
     }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
   }
 
   /**

javascript/ql/lib/semmle/javascript/frameworks/LiveServer.qll

@@ -10,9 +10,9 @@ private module LiveServer {
    * An expression that imports the live-server package, seen as a server-definition.
    */
   class ServerDefinition extends HTTP::Servers::StandardServerDefinition {
-    ServerDefinition() { this = DataFlow::moduleImport("live-server").asExpr() }
+    ServerDefinition() { this = DataFlow::moduleImport("live-server") }
 
-    API::Node getImportNode() { result.asSource().asExpr() = this }
+    API::Node getImportNode() { result.asSource() = this }
   }
 
   /**
@@ -49,6 +49,6 @@ private module LiveServer {
       )
     }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
   }
 }

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -50,6 +50,7 @@ module NodeJSLib {
    * Holds if `call` is an invocation of `http.createServer` or `https.createServer`.
    */
   predicate isCreateServer(CallExpr call) {
+    // TODO: DataFlow::Node
     exists(string pkg, string fn |
       pkg = "http" and fn = "createServer"
       or
@@ -248,7 +249,7 @@ module NodeJSLib {
       )
     }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
 
     /**
      * Gets the expression for the handler registered by this setup.
@@ -378,7 +379,7 @@ module NodeJSLib {
    * An expression that creates a new Node.js server.
    */
   class ServerDefinition extends HTTP::Servers::StandardServerDefinition {
-    ServerDefinition() { isCreateServer(this) }
+    ServerDefinition() { isCreateServer(this.asExpr()) }
   }
 
   /** An expression that is passed as `http.request({ auth: <expr> }, ...)`. */

javascript/ql/lib/semmle/javascript/frameworks/Restify.qll

@@ -9,10 +9,10 @@ module Restify {
   /**
    * An expression that creates a new Restify server.
    */
-  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, CallExpr {
+  class ServerDefinition extends HTTP::Servers::StandardServerDefinition, DataFlow::CallNode {
     ServerDefinition() {
       // `server = restify.createServer()`
-      this = DataFlow::moduleMember("restify", "createServer").getACall().asExpr()
+      this = DataFlow::moduleMember("restify", "createServer").getACall()
     }
   }
 
@@ -154,6 +154,6 @@ module Restify {
 
     override DataFlow::SourceNode getARouteHandler() { result.flowsToExpr(getArgument(1)) }
 
-    override Expr getServer() { result = server }
+    override Expr getServer() { result = server.asExpr() }
   }
 }