Revert "Updated dependencies (#29)" (#30)

This reverts commit 41b99b1.
ShiftLeftSecurity · Nov 12, 2021 · f0851e8 · f0851e8
1 parent 41b99b1
commit f0851e8
Show file tree

Hide file tree

Showing 8 changed files with 79 additions and 99 deletions.
diff --git a/build.sbt b/build.sbt
@@ -1,4 +1,4 @@
-val cpgVersion = "1.3.431"
+val cpgVersion = "1.3.429"
 
 val gitCommitString = SettingKey[String]("gitSha")
 
@@ -82,15 +82,15 @@ lazy val commonSettings = Seq(
     "io.shiftleft"             %% "codepropertygraph" % cpgVersion,
     "io.shiftleft"             %% "semanticcpg"       % cpgVersion,
     "com.github.scopt"         %% "scopt"             % "4.0.1",
-    "org.graalvm.js"           % "js"                 % "21.3.0",
+    "org.graalvm.js"           % "js"                 % "21.1.0",
     "com.github.pathikrit"     %% "better-files"      % "3.9.1",
     "org.slf4j"                % "slf4j-api"          % "1.7.32",
     "org.apache.logging.log4j" % "log4j-slf4j-impl"   % "2.14.1" % Runtime,
     "com.typesafe.play"        %% "play-json"         % "2.9.2",
-    "com.fasterxml.jackson"    % "jackson-base"       % "2.13.0",
+    "com.fasterxml.jackson"    % "jackson-base"       % "2.12.5",
     "com.atlassian.sourcemap"  % "sourcemap"          % "2.0.0",
     "commons-io"               % "commons-io"         % "2.11.0",
-    "org.scalatest"            %% "scalatest"         % "3.2.10" % Test
+    "org.scalatest"            %% "scalatest"         % "3.2.9" % Test
   ),
   Test / fork := true
 )

diff --git a/src/main/scala/io/shiftleft/js2cpg/cpg/passes/astcreation/AstCreator.scala b/src/main/scala/io/shiftleft/js2cpg/cpg/passes/astcreation/AstCreator.scala
@@ -31,9 +31,9 @@ import com.oracle.js.parser.ir.{
   ParameterNode,
   PropertyNode,
   ReturnNode,
+  RuntimeNode,
   Statement,
   SwitchNode,
-  TemplateLiteralNode,
   TernaryNode,
   ThrowNode,
   TryNode,
@@ -44,6 +44,7 @@ import com.oracle.js.parser.ir.{
 }
 import com.oracle.js.parser.ir.LiteralNode.ArrayLiteralNode
 import io.shiftleft.codepropertygraph.generated.nodes.{
+  NewNode,
   NewBlock,
   NewCall,
   NewControlStructure,
@@ -52,7 +53,6 @@ import io.shiftleft.codepropertygraph.generated.nodes.{
   NewMethod,
   NewMethodRef,
   NewNamespaceBlock,
-  NewNode,
   NewTypeDecl,
   NewTypeRef
 }
@@ -64,7 +64,17 @@ import io.shiftleft.codepropertygraph.generated.{
 }
 import io.shiftleft.js2cpg.cpg.datastructures.Stack._
 import io.shiftleft.js2cpg.cpg.datastructures._
-import io.shiftleft.js2cpg.cpg.datastructures.scope._
+import io.shiftleft.js2cpg.cpg.datastructures.scope.{
+  BlockScope,
+  BlockScopeElement,
+  MethodScope,
+  MethodScopeElement,
+  ResolvedReference,
+  Scope,
+  ScopeElement,
+  ScopeElementIterator,
+  ScopeType
+}
 import io.shiftleft.js2cpg.cpg.passes.{Defines, EcmaBuiltins, PassHelpers}
 import io.shiftleft.js2cpg.cpg.passes.PassHelpers.ParamNodeInitKind
 import io.shiftleft.js2cpg.parser.{GeneralizingAstVisitor, JsSource}
@@ -1717,31 +1727,20 @@ class AstCreator(diffGraph: DiffGraph.Builder, source: JsSource, usedIdentNodes:
     }
   }
 
-  override def visit(templateLiteralNode: TemplateLiteralNode): NewNode = {
-    val args = templateLiteralNode match {
-      case node: TemplateLiteralNode.TaggedTemplateLiteralNode =>
-        node.getRawStrings.asScala
-      case node: TemplateLiteralNode.UntaggedTemplateLiteralNode =>
-        node.getExpressions.asScala.zipWithIndex.collect {
-          case (expr, i) if i % 2 != 0 => expr
-        }
-    }
-
-    val callId = astNodeBuilder.createCallNode(
-      s"__Runtime.TO_STRING(${args.mkString(",")})",
-      s"__Runtime.TO_STRING",
-      DispatchTypes.STATIC_DISPATCH,
-      astNodeBuilder.lineAndColumn(templateLiteralNode)
-    )
+  override def visit(runtimeNode: RuntimeNode): NewNode = {
+    val callId = astNodeBuilder.createCallNode(runtimeNode.toString(),
+                                               s"__Runtime.${runtimeNode.getRequest.toString}",
+                                               DispatchTypes.STATIC_DISPATCH,
+                                               astNodeBuilder.lineAndColumn(runtimeNode))
 
     val callOrder    = new OrderTracker()
     val callArgIndex = new OrderTracker()
-    args.foreach { expression =>
-      val argId = expression.accept(this)
+    runtimeNode.getArgs.forEach { arg =>
+      val argId = arg.accept(this)
       astEdgeBuilder.addAstEdge(argId, callId, callOrder)
       astEdgeBuilder.addArgumentEdge(argId, callId, callArgIndex)
-
     }
+
     callId
   }
 

diff --git a/src/main/scala/io/shiftleft/js2cpg/cpg/passes/astcreation/AstNodeBuilder.scala b/src/main/scala/io/shiftleft/js2cpg/cpg/passes/astcreation/AstNodeBuilder.scala
@@ -1,7 +1,34 @@
 package io.shiftleft.js2cpg.cpg.passes.astcreation
 
 import com.oracle.js.parser.ir._
-import io.shiftleft.codepropertygraph.generated.nodes._
+import io.shiftleft.codepropertygraph.generated.nodes.{
+  HasCode,
+  NewBinding,
+  NewBlock,
+  NewCall,
+  NewClosureBinding,
+  NewControlStructure,
+  NewDependency,
+  NewFieldIdentifier,
+  NewFile,
+  NewIdentifier,
+  NewJumpTarget,
+  NewLiteral,
+  NewLocal,
+  NewMember,
+  NewMethod,
+  NewMethodParameterIn,
+  NewMethodRef,
+  NewMethodReturn,
+  NewModifier,
+  NewNamespaceBlock,
+  NewNode,
+  NewReturn,
+  NewType,
+  NewTypeDecl,
+  NewTypeRef,
+  NewUnknown
+}
 import io.shiftleft.codepropertygraph.generated.{DispatchTypes, EvaluationStrategies, Operators}
 import io.shiftleft.js2cpg.cpg.datastructures.{LineAndColumn, OrderTracker}
 import io.shiftleft.js2cpg.cpg.datastructures.scope.{MethodScope, Scope}

diff --git a/src/main/scala/io/shiftleft/js2cpg/parser/DefaultAstVisitor.scala b/src/main/scala/io/shiftleft/js2cpg/parser/DefaultAstVisitor.scala
@@ -204,11 +204,11 @@ abstract class DefaultAstVisitor(lexicalContext: LexicalContext = new LexicalCon
   override def leaveReturnNode(returnNode: ReturnNode): Node =
     super.leaveReturnNode(returnNode)
 
-  override def enterTemplateLiteralNode(templateLiteralNode: TemplateLiteralNode): Boolean =
-    super.enterTemplateLiteralNode(templateLiteralNode)
+  override def enterRuntimeNode(runtimeNode: RuntimeNode): Boolean =
+    super.enterRuntimeNode(runtimeNode)
 
-  override def leaveTemplateLiteralNode(templateLiteralNode: TemplateLiteralNode): Node =
-    super.leaveTemplateLiteralNode(templateLiteralNode)
+  override def leaveRuntimeNode(runtimeNode: RuntimeNode): Node =
+    super.leaveRuntimeNode(runtimeNode)
 
   override def enterSwitchNode(switchNode: SwitchNode): Boolean =
     super.enterSwitchNode(switchNode)

diff --git a/src/main/scala/io/shiftleft/js2cpg/parser/GeneralizingAstVisitor.scala b/src/main/scala/io/shiftleft/js2cpg/parser/GeneralizingAstVisitor.scala
@@ -233,7 +233,7 @@ class GeneralizingAstVisitor[T]
     visit(node.asInstanceOf[Statement])
   }
 
-  def visit(node: TemplateLiteralNode): T = {
+  def visit(node: RuntimeNode): T = {
     visit(node.asInstanceOf[Expression])
   }
 
@@ -417,7 +417,7 @@ class GeneralizingAstVisitor[T]
     visit(node)
   }
 
-  override def enterTemplateLiteralNode(node: TemplateLiteralNode): T = {
+  override def enterRuntimeNode(node: RuntimeNode): T = {
     visit(node)
   }
 

diff --git a/src/main/scala/io/shiftleft/js2cpg/parser/JsSource.scala b/src/main/scala/io/shiftleft/js2cpg/parser/JsSource.scala
@@ -13,8 +13,14 @@ import org.slf4j.LoggerFactory
 import scala.jdk.CollectionConverters._
 import scala.util.Using
 
+object JsSource {
+  val tmpDir: String = System.getProperty("java.io.tmpdir")
+}
+
 class JsSource(val srcDir: File, val projectDir: Path, val source: Source) {
 
+  import JsSource.tmpDir
+
   private val logger = LoggerFactory.getLogger(getClass)
 
   private val absoluteFilePath = (File(projectDir.toAbsolutePath) / originalFilePath).pathAsString

diff --git a/src/test/scala/io/shiftleft/js2cpg/cpg/passes/AstCreationPassTest.scala b/src/test/scala/io/shiftleft/js2cpg/cpg/passes/AstCreationPassTest.scala
@@ -13,6 +13,7 @@ import io.shiftleft.codepropertygraph.generated.{
   Operators,
   PropertyNames
 }
+import io.shiftleft.codepropertygraph.generated.nodes.TypeDecl
 import io.shiftleft.js2cpg.core.{Config, Report}
 import io.shiftleft.js2cpg.io.FileDefaults.JS_SUFFIX
 import io.shiftleft.js2cpg.io.FileUtils
@@ -138,64 +139,23 @@ class AstCreationPassTest extends AbstractPassTest {
       tmpReturn.checkProperty(PropertyNames.NAME, "_tmp_0")
     }
 
-    "have correct structure for untagged runtime node" in AstFixture(s"`$${x + 1}`") { cpg =>
+    "have correct structure for runtime node" in AstFixture(f"`$${x + 1}`") { cpg =>
       def method = cpg.method.nameExact(":program")
       method.checkNodeCount(1)
 
       def methodBlock = method.expandAst(NodeTypes.BLOCK)
       methodBlock.checkNodeCount(1)
 
-      def call = methodBlock.expandAst(NodeTypes.CALL)
+      def call =
+        methodBlock.expandAst(NodeTypes.CALL).expandAst(NodeTypes.CALL).expandAst(NodeTypes.CALL)
       call.checkNodeCount(1)
       call.checkProperty(PropertyNames.NAME, "__Runtime.TO_STRING")
-      call.checkProperty(PropertyNames.CODE, "__Runtime.TO_STRING(x + 1)")
 
       def argument = call.expandAst(NodeTypes.CALL)
       argument.checkNodeCount(1)
-      argument.checkProperty(PropertyNames.ORDER, 1)
-      argument.checkProperty(PropertyNames.ARGUMENT_INDEX, 1)
       argument.checkProperty(PropertyNames.CODE, "x + 1")
     }
 
-    "have correct structure for tagged runtime node" in AstFixture(s"String.raw`../$${42}\\..`") {
-      cpg =>
-        def method = cpg.method.nameExact(":program")
-        method.checkNodeCount(1)
-
-        def methodBlock = method.expandAst(NodeTypes.BLOCK)
-        methodBlock.checkNodeCount(1)
-
-        def rawCall = methodBlock.expandAst(NodeTypes.CALL)
-        rawCall.checkNodeCount(1)
-        rawCall.checkProperty(PropertyNames.CODE,
-                              """String.raw(__Runtime.TO_STRING("../","\.."), 42)""")
-
-        def rawCallArg = rawCall.expandAst(NodeTypes.LITERAL)
-        rawCallArg.checkNodeCount(1)
-        rawCallArg.checkProperty(PropertyNames.ORDER, 3)
-        rawCallArg.checkProperty(PropertyNames.ARGUMENT_INDEX, 2)
-        rawCallArg.checkProperty(PropertyNames.CODE, "42")
-
-        def runtimeCall =
-          rawCall.expandAst(NodeTypes.CALL).filter(PropertyNames.NAME, "__Runtime.TO_STRING")
-        runtimeCall.checkNodeCount(1)
-        runtimeCall.checkProperty(PropertyNames.ORDER, 2)
-        runtimeCall.checkProperty(PropertyNames.ARGUMENT_INDEX, 1)
-        runtimeCall.checkProperty(PropertyNames.CODE, """__Runtime.TO_STRING("../","\..")""")
-
-        def argument1 =
-          runtimeCall.expandAst(NodeTypes.LITERAL).filter(PropertyNames.CODE, "\"../\"")
-        argument1.checkNodeCount(1)
-        argument1.checkProperty(PropertyNames.ORDER, 1)
-        argument1.checkProperty(PropertyNames.ARGUMENT_INDEX, 1)
-
-        def argument2 =
-          runtimeCall.expandAst(NodeTypes.LITERAL).filter(PropertyNames.CODE, "\"\\..\"")
-        argument2.checkNodeCount(1)
-        argument2.checkProperty(PropertyNames.ORDER, 2)
-        argument2.checkProperty(PropertyNames.ARGUMENT_INDEX, 2)
-    }
-
     "have correct structure for try" in AstFixture("""
        |try {
        | open()

diff --git a/src/test/scala/io/shiftleft/js2cpg/cpg/passes/CfgCreationPassTest.scala b/src/test/scala/io/shiftleft/js2cpg/cpg/passes/CfgCreationPassTest.scala
@@ -69,30 +69,18 @@ class CfgCreationPassTest extends AnyWordSpec with Matchers {
       }
     }
 
-    "have correct structure for untagged runtime node" in {
-      new CfgFixture(s"`$${x + 1}`") {
-        succOf(":program") shouldBe expected(("x", AlwaysEdge))
+    "have correct structure for runtime node" in {
+      new CfgFixture(f"`$${x + 1}`") {
+        succOf(":program") shouldBe expected(("\"\"", AlwaysEdge))
+        succOf("\"\"") shouldBe expected(("x", AlwaysEdge))
         succOf("x") shouldBe expected(("1", AlwaysEdge))
         succOf("1") shouldBe expected(("x + 1", AlwaysEdge))
-        succOf("x + 1") shouldBe expected(("__Runtime.TO_STRING(x + 1)", AlwaysEdge))
-        succOf("__Runtime.TO_STRING(x + 1)") shouldBe expected(("RET", AlwaysEdge))
-      }
-    }
-
-    "have correct structure for tagged runtime node" in {
-      new CfgFixture(s"String.raw`../$${42}\\..`") {
-        succOf(":program") shouldBe expected(("String", AlwaysEdge))
-        succOf("String") shouldBe expected(("raw", AlwaysEdge))
-        succOf("raw") shouldBe expected(("String.raw", AlwaysEdge))
-        succOf("String.raw") shouldBe expected(("String", 1, AlwaysEdge))
-        succOf("String", 1) shouldBe expected(("\"../\"", AlwaysEdge))
-        succOf("\"../\"") shouldBe expected(("\"\\..\"", AlwaysEdge))
-        succOf("\"\\..\"") shouldBe expected(("__Runtime.TO_STRING(\"../\",\"\\..\")", AlwaysEdge))
-        succOf("__Runtime.TO_STRING(\"../\",\"\\..\")") shouldBe expected(("42", AlwaysEdge))
-        succOf("42") shouldBe expected(
-          ("String.raw(__Runtime.TO_STRING(\"../\",\"\\..\"), 42)", AlwaysEdge))
-        succOf("String.raw(__Runtime.TO_STRING(\"../\",\"\\..\"), 42)") shouldBe expected(
-          ("RET", AlwaysEdge))
+        succOf("x + 1") shouldBe expected(("Runtime.TO_STRING(x + 1)", AlwaysEdge))
+        succOf("Runtime.TO_STRING(x + 1)") shouldBe expected(
+          ("\"\" + Runtime.TO_STRING(x + 1)", AlwaysEdge))
+        succOf("\"\" + Runtime.TO_STRING(x + 1)") shouldBe expected(("\"\"", 1, AlwaysEdge))
+        succOf("\"\"", 1) shouldBe expected(("\"\" + Runtime.TO_STRING(x + 1) + \"\"", AlwaysEdge))
+        succOf("\"\" + Runtime.TO_STRING(x + 1) + \"\"") shouldBe expected(("RET", AlwaysEdge))
       }
     }