JS: Overlay annotations for AST layer

Author: asgerf

javascript/ql/lib/Expressions/ExprHasNoEffect.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes and predicates for the 'js/useless-expression' query.
  */
+overlay[local]
+module;
 
 import javascript
 import DOMProperties
@@ -60,6 +62,7 @@ predicate isDeclaration(Expr e) {
 /**
  * Holds if there exists a getter for a property called `name` anywhere in the program.
  */
+overlay[global]
 predicate isGetterProperty(string name) {
   // there is a call of the form `Object.defineProperty(..., name, descriptor)` ...
   exists(CallToObjectDefineProperty defProp | name = defProp.getPropertyName() |
@@ -85,6 +88,7 @@ predicate isGetterProperty(string name) {
 /**
  * A property access that may invoke a getter.
  */
+overlay[global]
 class GetterPropertyAccess extends PropAccess {
   override predicate isImpure() { isGetterProperty(this.getPropertyName()) }
 }
@@ -123,6 +127,7 @@ predicate isReceiverSuppressingCall(CallExpr c, Expr dummy, PropAccess callee) {
  * even if they do, the call itself is useless and should be flagged by this
  * query.
  */
+overlay[global]
 predicate noSideEffects(Expr e) {
   e.isPure()
   or
@@ -148,6 +153,7 @@ predicate isCompoundExpression(Expr e) {
 /**
  * Holds if the expression `e` should be reported as having no effect.
  */
+overlay[global]
 predicate hasNoEffect(Expr e) {
   noSideEffects(e) and
   inVoidContext(e) and

javascript/ql/lib/semmle/javascript/AMD.qll

@@ -2,6 +2,8 @@
  * Provides classes for working with
  * [Asynchronous Module Definitions](https://github.com/amdjs/amdjs-api/wiki/AMD).
  */
+overlay[local]
+module;
 
 import javascript
 private import semmle.javascript.internal.CachedStages
@@ -62,9 +64,11 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
   }
 
   /** DEPRECATED. Use `getDependencyExpr` instead. */
+  overlay[global]
   deprecated PathExpr getDependency(int i) { result = this.getDependencyExpr(i) }
 
   /** DEPRECATED. Use `getADependencyExpr` instead. */
+  overlay[global]
   deprecated PathExpr getADependency() { result = this.getADependencyExpr() }
 
   /** Gets the `i`th dependency of this module definition. */
@@ -194,16 +198,19 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
    * Gets an abstract value representing one or more values that may flow
    * into this module's `module.exports` property.
    */
+  overlay[global]
   DefiniteAbstractValue getAModuleExportsValue() {
     result = [this.getAnImplicitExportsValue(), this.getAnExplicitExportsValue()]
   }
 
+  overlay[global]
   pragma[noinline, nomagic]
   private AbstractValue getAnImplicitExportsValue() {
     // implicit exports: anything that is returned from the factory function
     result = this.getModuleExpr().analyze().getAValue()
   }
 
+  overlay[global]
   pragma[noinline]
   private AbstractValue getAnExplicitExportsValue() {
     // explicit exports: anything assigned to `module.exports`
@@ -227,6 +234,7 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range
 private predicate isPseudoDependency(string s) { s = ["exports", "require", "module"] }
 
 /** An AMD dependency, considered as a path expression. */
+overlay[global]
 private class AmdDependencyPath extends PathExprCandidate {
   AmdDependencyPath() {
     exists(AmdModuleDefinition amd |
@@ -239,6 +247,7 @@ private class AmdDependencyPath extends PathExprCandidate {
 }
 
 /** A constant path element appearing in an AMD dependency expression. */
+overlay[global]
 deprecated private class ConstantAmdDependencyPathElement extends PathExpr, ConstantString {
   ConstantAmdDependencyPathElement() { this = any(AmdDependencyPath amd).getAPart() }
 
@@ -281,6 +290,7 @@ private class AmdDependencyImport extends Import {
    * Specifically, we look for files whose absolute path ends with the imported path, possibly
    * adding well-known JavaScript file extensions like `.js`.
    */
+  overlay[global]
   private File guessTarget() {
     exists(FilePath imported, string abspath, string dirname, string basename |
       this.targetCandidate(result, abspath, imported, dirname, basename)
@@ -303,6 +313,7 @@ private class AmdDependencyImport extends Import {
    * Additionally, `abspath` is bound to the absolute path of `f`, `imported` to the imported path, and
    * `dirname` and `basename` to the dirname and basename (respectively) of `imported`.
    */
+  overlay[global]
   private predicate targetCandidate(
     File f, string abspath, FilePath imported, string dirname, string basename
   ) {
@@ -316,10 +327,12 @@ private class AmdDependencyImport extends Import {
   /**
    * Gets the module whose absolute path matches this import, if there is only a single such module.
    */
+  overlay[global]
   private Module resolveByAbsolutePath() {
     result.getFile() = unique(File file | file = this.guessTarget())
   }
 
+  overlay[global]
   override Module getImportedModule() {
     result = super.getImportedModule()
     or
@@ -348,21 +361,20 @@ private class AmdDependencyImport extends Import {
  */
 class AmdModule extends Module {
   cached
-  AmdModule() {
-    Stages::DataFlowStage::ref() and
-    exists(unique(AmdModuleDefinition def | amdModuleTopLevel(def, this)))
-  }
+  AmdModule() { exists(unique(AmdModuleDefinition def | amdModuleTopLevel(def, this))) }
 
   /** Gets the definition of this module. */
   AmdModuleDefinition getDefine() { amdModuleTopLevel(result, this) }
 
+  overlay[global]
   override DataFlow::Node getAnExportedValue(string name) {
     exists(DataFlow::PropWrite pwn | result = pwn.getRhs() |
       pwn.getBase().analyze().getAValue() = this.getDefine().getAModuleExportsValue() and
       name = pwn.getPropertyName()
     )
   }
 
+  overlay[global]
   override DataFlow::Node getABulkExportedNode() {
     // Assigned to `module.exports` via the factory's `module` parameter
     exists(AbstractModuleObject m, DataFlow::PropWrite write |

javascript/ql/lib/semmle/javascript/AST.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with the AST-based representation of JavaScript programs.
  */
+overlay[local]
+module;
 
 import javascript
 private import internal.StmtContainers
@@ -470,6 +472,7 @@ module AST {
    */
   class ValueNode extends AstNode, @dataflownode {
     /** Gets type inference results for this element. */
+    overlay[global]
     DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }
 
     /** Gets the data flow node associated with this program element. */
@@ -481,6 +484,7 @@ module AST {
      * This can be used to map an expression to the class it refers to, or
      * associate it with a named value coming from an dependency.
      */
+    overlay[global]
     ExprNameBindingNode getNameBinding() { result = this }
 
     /**
@@ -490,6 +494,7 @@ module AST {
      * (according to the type system), or to associate it with a named type coming
      * from a dependency.
      */
+    overlay[global]
     TypeNameBindingNode getTypeBinding() { TypeResolution::valueHasType(this, result) }
   }
 }

javascript/ql/lib/semmle/javascript/CFG.qll

@@ -272,6 +272,8 @@
  * Note that the `import` statement as a whole is part of the CFG of the body, while its single
  * import specifier `x as y` forms part of the preamble.
  */
+overlay[local]
+module;
 
 import javascript
 private import internal.StmtContainers

javascript/ql/lib/semmle/javascript/Classes.qll

@@ -4,6 +4,8 @@
  * Class declarations and class expressions are modeled by (QL) classes `ClassDeclaration`
  * and `ClassExpression`, respectively, which are both subclasses of `ClassDefinition`.
  */
+overlay[local]
+module;
 
 import javascript
 
@@ -119,6 +121,7 @@ class ClassOrInterface extends @class_or_interface, TypeParameterized {
    *
    * Anonymous classes and interfaces do not have a canonical name.
    */
+  overlay[global]
   deprecated TypeName getTypeName() { result.getADefinition() = this }
 
   /**
@@ -253,6 +256,7 @@ class ClassDefinition extends @class_definition, ClassOrInterface, AST::ValueNod
   /**
    * Gets the definition of the super class of this class, if it can be determined.
    */
+  overlay[global]
   ClassDefinition getSuperClassDefinition() {
     result = this.getSuperClass().analyze().getAValue().(AbstractClass).getClass()
   }
@@ -580,6 +584,7 @@ class MemberDeclaration extends @property, Documentable {
   int getMemberIndex() { properties(this, _, result, _, _) }
 
   /** Holds if the name of this member is computed by an impure expression. */
+  overlay[global]
   predicate hasImpureNameExpr() { this.isComputed() and this.getNameExpr().isImpure() }
 
   /**

javascript/ql/lib/semmle/javascript/Closure.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with the Closure-Library module system.
  */
+overlay[local]
+module;
 
 import javascript
 
@@ -40,13 +42,15 @@ module Closure {
   /**
    * A reference to a Closure namespace.
    */
+  overlay[global]
   deprecated class ClosureNamespaceRef extends DataFlow::Node instanceof ClosureNamespaceRef::Range {
     /**
      * Gets the namespace being referenced.
      */
     string getClosureNamespace() { result = super.getClosureNamespace() }
   }
 
+  overlay[global]
   deprecated module ClosureNamespaceRef {
     /**
      * A reference to a Closure namespace.
@@ -64,9 +68,11 @@ module Closure {
   /**
    * A data flow node that returns the value of a closure namespace.
    */
+  overlay[global]
   deprecated class ClosureNamespaceAccess extends ClosureNamespaceRef instanceof ClosureNamespaceAccess::Range
   { }
 
+  overlay[global]
   deprecated module ClosureNamespaceAccess {
     /**
      * A data flow node that returns the value of a closure namespace.
@@ -79,6 +85,7 @@ module Closure {
   /**
    * A call to a method on the `goog.` namespace, as a closure reference.
    */
+  overlay[global]
   abstract deprecated private class DefaultNamespaceRef extends DataFlow::MethodCallNode,
     ClosureNamespaceRef::Range
   {
@@ -91,13 +98,15 @@ module Closure {
    * Holds if `node` is the data flow node corresponding to the expression in
    * a top-level expression statement.
    */
+  overlay[global]
   deprecated private predicate isTopLevelExpr(DataFlow::Node node) {
     any(TopLevel tl).getAChildStmt().(ExprStmt).getExpr().flow() = node
   }
 
   /**
    * A top-level call to `goog.provide`.
    */
+  overlay[global]
   deprecated private class DefaultClosureProvideCall extends DefaultNamespaceRef {
     DefaultClosureProvideCall() {
       this.getMethodName() = "provide" and
@@ -108,12 +117,14 @@ module Closure {
   /**
    * A top-level call to `goog.provide`.
    */
+  overlay[global]
   deprecated class ClosureProvideCall extends ClosureNamespaceRef, DataFlow::MethodCallNode instanceof DefaultClosureProvideCall
   { }
 
   /**
    * A call to `goog.require`.
    */
+  overlay[global]
   deprecated private class DefaultClosureRequireCall extends DefaultNamespaceRef,
     ClosureNamespaceAccess::Range
   {
@@ -123,12 +134,14 @@ module Closure {
   /**
    * A call to `goog.require`.
    */
+  overlay[global]
   deprecated class ClosureRequireCall extends ClosureNamespaceAccess, DataFlow::MethodCallNode instanceof DefaultClosureRequireCall
   { }
 
   /**
    * A top-level call to `goog.module` or `goog.declareModuleId`.
    */
+  overlay[global]
   deprecated private class DefaultClosureModuleDeclaration extends DefaultNamespaceRef {
     DefaultClosureModuleDeclaration() {
       (this.getMethodName() = "module" or this.getMethodName() = "declareModuleId") and
@@ -139,6 +152,7 @@ module Closure {
   /**
    * A top-level call to `goog.module` or `goog.declareModuleId`.
    */
+  overlay[global]
   deprecated class ClosureModuleDeclaration extends ClosureNamespaceRef, DataFlow::MethodCallNode instanceof DefaultClosureModuleDeclaration
   { }
 
@@ -156,6 +170,7 @@ module Closure {
     /**
      * Gets the call to `goog.module` or `goog.declareModuleId` in this module.
      */
+    overlay[global]
     deprecated ClosureModuleDeclaration getModuleDeclaration() { result.getTopLevel() = this }
 
     /**
@@ -181,6 +196,7 @@ module Closure {
       result = this.getScope().getVariable("exports")
     }
 
+    overlay[global]
     override DataFlow::Node getAnExportedValue(string name) {
       exists(DataFlow::PropWrite write, Expr base |
         result = write.getRhs() and
@@ -193,6 +209,7 @@ module Closure {
       )
     }
 
+    overlay[global]
     override DataFlow::Node getABulkExportedNode() {
       result = this.getExportsVariable().getAnAssignedExpr().flow()
     }
@@ -232,6 +249,7 @@ module Closure {
   /**
    * Holds if `name` is a closure namespace, including proper namespace prefixes.
    */
+  overlay[global]
   pragma[noinline]
   predicate isClosureNamespace(string name) {
     exists(string namespace |
@@ -253,6 +271,7 @@ module Closure {
    * Holds if a prefix of `name` is a closure namespace.
    */
   bindingset[name]
+  overlay[global]
   private predicate hasClosureNamespacePrefix(string name) {
     isClosureNamespace(name.substring(0, name.indexOf(".")))
     or
@@ -262,6 +281,7 @@ module Closure {
   /**
    * Gets the closure namespace path addressed by the given data flow node, if any.
    */
+  overlay[global]
   string getClosureNamespaceFromSourceNode(DataFlow::SourceNode node) {
     node = AccessPath::getAReferenceOrAssignmentTo(result) and
     hasClosureNamespacePrefix(result)
@@ -270,6 +290,7 @@ module Closure {
   /**
    * Gets the closure namespace path written to by the given property write, if any.
    */
+  overlay[global]
   string getWrittenClosureNamespace(DataFlow::PropWrite node) {
     node.getRhs() = AccessPath::getAnAssignmentTo(result) and
     hasClosureNamespacePrefix(result)
@@ -278,13 +299,15 @@ module Closure {
   /**
    * Gets a data flow node that refers to the given value exported from a Closure module.
    */
+  overlay[global]
   DataFlow::SourceNode moduleImport(string moduleName) {
     getClosureNamespaceFromSourceNode(result) = moduleName
   }
 
   /**
    * A call to `goog.bind`, as a partial function invocation.
    */
+  overlay[global]
   private class BindCall extends DataFlow::PartialInvokeNode::Range, DataFlow::CallNode {
     BindCall() { this = moduleImport("goog.bind").getACall() }