JS: Expose hasUnderlyingStringOrAnyType()

asgerf · asgerf · commit b50d88a08273 · 2025-06-10T10:33:54.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Nest.qll b/javascript/ql/lib/semmle/javascript/frameworks/Nest.qll
@@ -337,10 +337,7 @@ module NestJS {
       handler.isReturnValueReflected() and
       this = handler.getAReturn() and
       // Only returned strings are sinks. If we can find a type for the return value, it must be string-like.
-      not exists(NameResolution::Node type |
-        TypeResolution::valueHasType(this.asExpr(), type) and
-        not TypeResolution::hasUnderlyingStringOrAnyType(type)
-      )
+      this.asExpr().getTypeBinding().hasUnderlyingStringOrAnyType()
     }
 
     override Http::RouteHandler getRouteHandler() { result = handler }
diff --git a/javascript/ql/lib/semmle/javascript/internal/BindingInfo.qll b/javascript/ql/lib/semmle/javascript/internal/BindingInfo.qll
@@ -119,6 +119,11 @@ class TypeNameBindingNode extends NameResolution::Node {
   DataFlow::ClassNode getAnUnderlyingClass() {
     UnderlyingTypes::nodeHasUnderlyingClassType(this, result)
   }
+
+  /**
+   * Holds if this type contains `string` or `any`, possibly wrapped in a promise.
+   */
+  predicate hasUnderlyingStringOrAnyType() { TypeResolution::hasUnderlyingStringOrAnyType(this) }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,11 @@ class TypeNameBindingNode extends NameResolution::Node {`
`119`	`119`	`DataFlow::ClassNode getAnUnderlyingClass() {`
`120`	`120`	`UnderlyingTypes::nodeHasUnderlyingClassType(this, result)`
`121`	`121`	`}`
	`122`	`+`
	`123`	`+ /**`
	`124`	+ * Holds if this type contains `string` or `any`, possibly wrapped in a promise.
	`125`	`+ */`
	`126`	`+ predicate hasUnderlyingStringOrAnyType() { TypeResolution::hasUnderlyingStringOrAnyType(this) }`
`122`	`127`	`}`
`123`	`128`
`124`	`129`	`/**`