Squash stuff

Author: asgerf

javascript/extractor/src/com/semmle/js/extractor/Main.java

@@ -301,6 +301,8 @@ public void setupMatchers(ArgsParser ap) {
     // only extract HTML and JS by default
     addIncludesFor(includes, FileType.HTML);
     addIncludesFor(includes, FileType.JS);
+    includes.add("**/.babelrc*.json");
+
 
     // extract TypeScript if `--typescript` or `--typescript-full` was specified
     if (getTypeScriptMode(ap) != TypeScriptMode.NONE) {

javascript/extractor/src/com/semmle/js/parser/JSONParser.java

@@ -152,9 +152,6 @@ private JSONObject readObject(int startoff, Position start) throws ParseError {
         char c = next();
         switch (c) {
           case '}':
-            if (!needsComma) {
-              raise("Trailing commas are not allowed in JSON.");
-            }
             break out;
           case ',':
             if (!needsComma) {

javascript/ql/lib/definitions.qll

@@ -70,7 +70,7 @@ private predicate importLookup(AstNode path, Module target, string kind) {
   kind = "I" and
   (
     exists(Import i |
-      path = i.getImportedPath() and
+      path = i.getImportedPathExpr() and
       target = i.getImportedModule()
     )
     or

javascript/ql/lib/semmle/javascript/AMD.qll

@@ -61,8 +61,14 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
     result = this.getArgument(1)
   }
 
+  /** DEPRECATED. Use `getDependencyExpr` instead. */
+  deprecated PathExpr getDependency(int i) { result = this.getDependencyExpr(i) }
+
+  /** DEPRECATED. Use `getADependencyExpr` instead. */
+  deprecated PathExpr getADependency() { result = this.getADependencyExpr() }
+
   /** Gets the `i`th dependency of this module definition. */
-  PathExpr getDependency(int i) {
+  Expr getDependencyExpr(int i) {
     exists(Expr expr |
       expr = this.getDependencies().getElement(i) and
       not isPseudoDependency(expr.getStringValue()) and
@@ -71,8 +77,8 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
   }
 
   /** Gets a dependency of this module definition. */
-  PathExpr getADependency() {
-    result = this.getDependency(_) or
+  Expr getADependencyExpr() {
+    result = this.getDependencyExpr(_) or
     result = this.getARequireCall().getAnArgument()
   }
 
@@ -233,7 +239,7 @@ private class AmdDependencyPath extends PathExprCandidate {
 }
 
 /** A constant path element appearing in an AMD dependency expression. */
-private class ConstantAmdDependencyPathElement extends PathExpr, ConstantString {
+deprecated private class ConstantAmdDependencyPathElement extends PathExpr, ConstantString {
   ConstantAmdDependencyPathElement() { this = any(AmdDependencyPath amd).getAPart() }
 
   override string getValue() { result = this.getStringValue() }
@@ -261,11 +267,13 @@ private predicate amdModuleTopLevel(AmdModuleDefinition def, TopLevel tl) {
  * An AMD dependency, viewed as an import.
  */
 private class AmdDependencyImport extends Import {
-  AmdDependencyImport() { this = any(AmdModuleDefinition def).getADependency() }
+  AmdDependencyImport() { this = any(AmdModuleDefinition def).getADependencyExpr() }
 
-  override Module getEnclosingModule() { this = result.(AmdModule).getDefine().getADependency() }
+  override Module getEnclosingModule() {
+    this = result.(AmdModule).getDefine().getADependencyExpr()
+  }
 
-  override PathExpr getImportedPath() { result = this }
+  override Expr getImportedPathExpr() { result = this }
 
   /**
    * Gets a file that looks like it might be the target of this import.
@@ -274,7 +282,7 @@ private class AmdDependencyImport extends Import {
    * adding well-known JavaScript file extensions like `.js`.
    */
   private File guessTarget() {
-    exists(PathString imported, string abspath, string dirname, string basename |
+    exists(FilePath imported, string abspath, string dirname, string basename |
       this.targetCandidate(result, abspath, imported, dirname, basename)
     |
       abspath.regexpMatch(".*/\\Q" + imported + "\\E")
@@ -296,9 +304,9 @@ private class AmdDependencyImport extends Import {
    * `dirname` and `basename` to the dirname and basename (respectively) of `imported`.
    */
   private predicate targetCandidate(
-    File f, string abspath, PathString imported, string dirname, string basename
+    File f, string abspath, FilePath imported, string dirname, string basename
   ) {
-    imported = this.getImportedPath().getValue() and
+    imported = this.getImportedPathString() and
     f.getStem() = imported.getStem() and
     f.getAbsolutePath() = abspath and
     dirname = imported.getDirName() and

javascript/ql/lib/semmle/javascript/ES2015Modules.qll

@@ -2,6 +2,7 @@
 
 import javascript
 private import semmle.javascript.internal.CachedStages
+private import semmle.javascript.internal.paths.PathExprResolver
 
 /**
  * An ECMAScript 2015 module.
@@ -91,7 +92,12 @@ private predicate hasDefaultExport(ES2015Module mod) {
 class ImportDeclaration extends Stmt, Import, @import_declaration {
   override ES2015Module getEnclosingModule() { result = this.getTopLevel() }
 
-  override PathExpr getImportedPath() { result = this.getChildExpr(-1) }
+  /**
+   * Internal use only. Use `getImportedPathExpr` instead.
+   */
+  string getRawImportPath() { result = this.getChildExpr(-1).getStringValue() }
+
+  override Expr getImportedPathExpr() { result = this.getChildExpr(-1) }
 
   /**
    * Gets the object literal passed as part of the `with` (or `assert`) clause in this import declaration.
@@ -149,7 +155,7 @@ class ImportDeclaration extends Stmt, Import, @import_declaration {
 }
 
 /** A literal path expression appearing in an `import` declaration. */
-private class LiteralImportPath extends PathExpr, ConstantString {
+deprecated private class LiteralImportPath extends PathExpr, ConstantString {
   LiteralImportPath() { exists(ImportDeclaration req | this = req.getChildExpr(-1)) }
 
   override string getValue() { result = this.getStringValue() }
@@ -725,27 +731,12 @@ abstract class ReExportDeclaration extends ExportDeclaration {
   cached
   Module getReExportedModule() {
     Stages::Imports::ref() and
-    result.getFile() = this.getEnclosingModule().resolve(this.getImportedPath())
-    or
-    result = this.resolveFromTypeRoot()
-  }
-
-  /**
-   * Gets a module in a `node_modules/@types/` folder that matches the imported module name.
-   */
-  private Module resolveFromTypeRoot() {
-    result.getFile() =
-      min(TypeRootFolder typeRoot |
-        |
-        typeRoot.getModuleFile(this.getImportedPath().getStringValue())
-        order by
-          typeRoot.getSearchPriority(this.getFile().getParentContainer())
-      )
+    result.getFile() = ImportPathResolver::resolveExpr(this.getImportedPath())
   }
 }
 
 /** A literal path expression appearing in a re-export declaration. */
-private class LiteralReExportPath extends PathExpr, ConstantString {
+deprecated private class LiteralReExportPath extends PathExpr, ConstantString {
   LiteralReExportPath() { exists(ReExportDeclaration bred | this = bred.getImportedPath()) }
 
   override string getValue() { result = this.getStringValue() }

javascript/ql/lib/semmle/javascript/Expr.qll

@@ -2821,7 +2821,7 @@ class DynamicImportExpr extends @dynamic_import, Expr, Import {
     result = this.getSource().getFirstControlFlowNode()
   }
 
-  override PathExpr getImportedPath() { result = this.getSource() }
+  override Expr getImportedPathExpr() { result = this.getSource() }
 
   /**
    * Gets the second "argument" to the import expression, that is, the `Y` in `import(X, Y)`.
@@ -2852,7 +2852,7 @@ class DynamicImportExpr extends @dynamic_import, Expr, Import {
 }
 
 /** A literal path expression appearing in a dynamic import. */
-private class LiteralDynamicImportPath extends PathExpr, ConstantString {
+deprecated private class LiteralDynamicImportPath extends PathExpr, ConstantString {
   LiteralDynamicImportPath() {
     exists(DynamicImportExpr di | this.getParentExpr*() = di.getSource())
   }

javascript/ql/lib/semmle/javascript/HTML.qll

@@ -214,7 +214,7 @@ module HTML {
         result = path.regexpCapture("file://(/.*)", 1)
         or
         not path.regexpMatch("(\\w+:)?//.*") and
-        result = this.getSourcePath().(ScriptSrcPath).resolve(this.getSearchRoot()).toString()
+        result = ResolveScriptSrc::resolve(this.getSearchRoot(), this.getSourcePath()).toString()
       )
     }
 
@@ -274,10 +274,16 @@ module HTML {
     )
   }
 
+  private module ResolverConfig implements Folder::ResolveSig {
+    predicate shouldResolve(Container base, string path) { scriptSrc(path, base) }
+  }
+
+  private module ResolveScriptSrc = Folder::Resolve<ResolverConfig>;
+
   /**
    * A path string arising from the `src` attribute of a `script` tag.
    */
-  private class ScriptSrcPath extends PathString {
+  deprecated private class ScriptSrcPath extends PathString {
     ScriptSrcPath() { scriptSrc(this, _) }
 
     override Folder getARootFolder() { scriptSrc(this, result) }

javascript/ql/lib/semmle/javascript/Modules.qll

@@ -6,7 +6,7 @@
 
 import javascript
 private import semmle.javascript.internal.CachedStages
-private import semmle.javascript.internal.paths.PathExprResolver as PathExprResolver
+private import semmle.javascript.internal.paths.PathExprResolver
 
 /**
  * A module, which may either be an ECMAScript 2015-style module,
@@ -69,7 +69,7 @@ abstract class Module extends TopLevel {
    * This predicate is not part of the public API, it is only exposed to allow
    * overriding by subclasses.
    */
-  predicate searchRoot(PathExpr path, Folder searchRoot, int priority) {
+  deprecated predicate searchRoot(PathExpr path, Folder searchRoot, int priority) {
     path.getEnclosingModule() = this and
     priority = 0 and
     exists(string v | v = path.getValue() |
@@ -90,7 +90,7 @@ abstract class Module extends TopLevel {
    * resolves to a folder containing a main module (such as `index.js`), then
    * that file is the result.
    */
-  File resolve(PathExpr path) {
+  deprecated File resolve(PathExpr path) {
     path.getEnclosingModule() = this and
     (
       // handle the case where the import path is complete
@@ -123,8 +123,14 @@ abstract class Import extends AstNode {
   /** Gets the module in which this import appears. */
   abstract Module getEnclosingModule();
 
+  /** DEPRECATED. Use `getImportedPathExpr` instead. */
+  deprecated PathExpr getImportedPath() { none() }
+
   /** Gets the (unresolved) path that this import refers to. */
-  abstract PathExpr getImportedPath();
+  abstract Expr getImportedPathExpr();
+
+  /** Gets the imported path as a string. */
+  final string getImportedPathString() { result = this.getImportedPathExpr().getStringValue() }
 
   /**
    * Gets an externs module the path of this import resolves to.
@@ -133,40 +139,18 @@ abstract class Import extends AstNode {
    * path is assumed to be a possible target of the import.
    */
   Module resolveExternsImport() {
-    result.isExterns() and result.getName() = this.getImportedPath().getValue()
+    result.isExterns() and result.getName() = this.getImportedPathString()
   }
 
   /**
    * Gets the module the path of this import resolves to.
    */
-  Module resolveImportedPath() {
-    result.getFile() = PathExprResolver::resolvePathExpr(this.getImportedPath())
-  }
-
-  /**
-   * Gets a module with a `@providesModule` JSDoc tag that matches
-   * the imported path.
-   */
-  private Module resolveAsProvidedModule() {
-    exists(JSDocTag tag |
-      tag.getTitle() = "providesModule" and
-      tag.getParent().getComment().getTopLevel() = result and
-      tag.getDescription().trim() = this.getImportedPath().getValue()
-    )
-  }
+  Module resolveImportedPath() { result.getFile() = this.getTargetFile() }
 
   /**
-   * Gets a module in a `node_modules/@types/` folder that matches the imported module name.
+   * Gets the module the path of this import resolves to.
    */
-  private Module resolveFromTypeRoot() {
-    result.getFile() =
-      min(TypeRootFolder typeRoot |
-        |
-        typeRoot.getModuleFile(this.getImportedPath().getValue())
-        order by
-          typeRoot.getSearchPriority(this.getFile().getParentContainer())
-      )
-  }
+  File getTargetFile() { result = ImportPathResolver::resolveExpr(this.getImportedPathExpr()) }
 
   /**
    * DEPRECATED. Use `getImportedModule()` instead.
@@ -191,11 +175,7 @@ abstract class Import extends AstNode {
     Stages::Imports::ref() and
     if exists(this.resolveExternsImport())
     then result = this.resolveExternsImport()
-    else (
-      result = this.resolveAsProvidedModule() or
-      result = this.resolveImportedPath() or
-      result = this.resolveFromTypeRoot()
-    )
+    else result = this.resolveImportedPath()
   }
 
   /**

javascript/ql/lib/semmle/javascript/NPM.qll

@@ -4,6 +4,7 @@
 
 import javascript
 private import NodeModuleResolutionImpl
+private import semmle.javascript.internal.paths.PackageJsonEx
 
 /** A `package.json` configuration object. */
 class PackageJson extends JsonObject {
@@ -93,7 +94,10 @@ class PackageJson extends JsonObject {
    * `module` paths to be exported under the relative path `"."`.
    */
   string getExportedPath(string relativePath) {
-    result = MainModulePath::of(this, relativePath).getValue()
+    this.(PackageJsonEx).hasExactPathMapping(relativePath, result)
+    or
+    relativePath = "." and
+    result = this.(PackageJsonEx).getMainPath()
   }
 
   /** Gets the path of a command defined for this package. */
@@ -220,20 +224,18 @@ class PackageJson extends JsonObject {
   /**
    * Gets the main module of this package.
    */
-  Module getMainModule() { result = this.getExportedModule(".") }
+  Module getMainModule() { result.getFile() = this.(PackageJsonEx).getMainFileOrBestGuess() }
 
   /**
    * Gets the module exported under the given relative path.
    *
    * The main module is considered exported under the path `"."`.
    */
   Module getExportedModule(string relativePath) {
-    result =
-      min(Module m, int prio |
-        m.getFile() = resolveMainModule(this, prio, relativePath)
-      |
-        m order by prio
-      )
+    this.(PackageJsonEx).hasExactPathMappingTo(relativePath, result.getFile())
+    or
+    relativePath = "." and
+    result = this.getMainModule()
   }
 
   /**
@@ -245,19 +247,7 @@ class PackageJson extends JsonObject {
    * Gets the file containing the typings of this package, which can either be from the `types` or
    * `typings` field, or derived from the `main` or `module` fields.
    */
-  File getTypingsFile() {
-    result =
-      TypingsModulePathString::of(this).resolve(this.getFile().getParentContainer()).getContainer()
-    or
-    not exists(TypingsModulePathString::of(this)) and
-    exists(File mainFile |
-      mainFile = this.getMainModule().getFile() and
-      result =
-        mainFile
-            .getParentContainer()
-            .getFile(mainFile.getStem().regexpReplaceAll("\\.d$", "") + ".d.ts")
-    )
-  }
+  File getTypingsFile() { none() } // implemented in PackageJsonEx
 
   /**
    * Gets the module containing the typings of this package, which can either be from the `types` or