JS: Move nodeRefersToModule into NameResolution

Author: asgerf

javascript/ql/lib/semmle/javascript/internal/NameResolution.qll

@@ -319,4 +319,79 @@ module NameResolution {
    * Gets a node to which the given module flows.
    */
   predicate trackModule = ValueFlow::TrackNode<ModuleLike>::track/1;
+
+  /**
+   * Holds if `moduleName` appears to start with a package name, as opposed to a relative file import.
+   */
+  bindingset[moduleName]
+  private predicate isExternalModuleName(string moduleName) {
+    not moduleName.regexpMatch("^(\\.|/).*")
+  }
+
+  bindingset[name]
+  private string normalizeModuleName(string name) {
+    result =
+      name.regexpReplaceAll("^node:", "")
+          .regexpReplaceAll("\\.[jt]sx?$", "")
+          .regexpReplaceAll("/(index)?$", "")
+  }
+
+  /** Appends a name onto a qualified name */
+  bindingset[a, b]
+  string append(string a, string b) {
+    if b = "default"
+    then result = a
+    else (
+      (if a = "" or b = "" then result = a + b else result = a + "." + b) and
+      result.length() < 100
+    )
+  }
+
+  /**
+   * Holds if `node` is a reference to the given module, or a qualified name rooted in that module.
+   *
+   * If `qualifiedName` is empty, `node` refers to the module itself.
+   *
+   * If `mod` is the string `"global"`, `node` refers to a global access path.
+   *
+   * Unlike `trackModule`, this is intended to track uses of external packages.
+   */
+  predicate nodeRefersToModule(Node node, string mod, string qualifiedName) {
+    exists(PathExpr path |
+      path = any(Import imprt).getImportedPath() or
+      path = any(ReExportDeclaration e).getImportedPath()
+    |
+      node = path and
+      mod = normalizeModuleName(path.getValue()) and
+      isExternalModuleName(mod) and
+      qualifiedName = ""
+    )
+    or
+    mod = "global" and
+    exists(LocalNamespaceAccess access |
+      node = access and
+      not exists(access.getLocalNamespaceName()) and
+      access.getName() = qualifiedName
+    )
+    or
+    // Additionally track through bulk re-exports (`export * from 'mod`).
+    // These are normally handled by 'exportAs' which supports various shadowing rules,
+    // but has no effect when the ultimate re-exported module is not resolved to a Module.
+    // We propagate external module refs through bulk re-exports and ignore shadowing rules.
+    exists(BulkReExportDeclaration reExport |
+      nodeRefersToModule(reExport.getImportedPath(), mod, qualifiedName) and
+      node = reExport.getContainer()
+    )
+    or
+    exists(Node mid |
+      nodeRefersToModule(mid, mod, qualifiedName) and
+      ValueFlow::step(mid, node)
+    )
+    or
+    exists(Node mid, string prefix, string step |
+      nodeRefersToModule(mid, mod, prefix) and
+      readStep(mid, step, node) and
+      qualifiedName = append(prefix, step)
+    )
+  }
 }

javascript/ql/lib/semmle/javascript/internal/UnderlyingTypes.qll

@@ -9,68 +9,6 @@ private import semmle.javascript.internal.NameResolution::NameResolution
  * Provides name resolution and propagates type information.
  */
 module UnderlyingTypes {
-  /**
-   * Holds if `moduleName` appears to start with a package name, as opposed to a relative file import.
-   */
-  bindingset[moduleName]
-  private predicate isExternalModuleName(string moduleName) {
-    not moduleName.regexpMatch("^(\\.|/).*")
-  }
-
-  bindingset[name]
-  private string normalizeModuleName(string name) {
-    result =
-      name.regexpReplaceAll("^node:", "")
-          .regexpReplaceAll("\\.[jt]sx?$", "")
-          .regexpReplaceAll("/(index)?$", "")
-  }
-
-  /**
-   * Holds if `node` is a reference to the given module, or a qualified name rooted in that module.
-   *
-   * If `qualifiedName` is empty, `node` refers to the module itself.
-   *
-   * If `mod` is the string `"global"`, `node` refers to a global access path.
-   */
-  predicate nodeRefersToModule(Node node, string mod, string qualifiedName) {
-    exists(PathExpr path |
-      path = any(Import imprt).getImportedPath() or
-      path = any(ReExportDeclaration e).getImportedPath()
-    |
-      node = path and
-      mod = normalizeModuleName(path.getValue()) and
-      isExternalModuleName(mod) and
-      qualifiedName = ""
-    )
-    or
-    mod = "global" and
-    exists(LocalNamespaceAccess access |
-      node = access and
-      not exists(access.getLocalNamespaceName()) and
-      access.getName() = qualifiedName
-    )
-    or
-    // Additionally track through bulk re-exports (`export * from 'mod`).
-    // These are normally handled by 'exportAs' which supports various shadowing rules,
-    // but has no effect when the ultimate re-exported module is not resolved to a Module.
-    // We propagate external module refs through bulk re-exports and ignore shadowing rules.
-    exists(BulkReExportDeclaration reExport |
-      nodeRefersToModule(reExport.getImportedPath(), mod, qualifiedName) and
-      node = reExport.getContainer()
-    )
-    or
-    exists(Node mid |
-      nodeRefersToModule(mid, mod, qualifiedName) and
-      ValueFlow::step(mid, node)
-    )
-    or
-    exists(Node mid, string prefix, string step |
-      nodeRefersToModule(mid, mod, prefix) and
-      readStep(mid, step, node) and
-      qualifiedName = append(prefix, step)
-    )
-  }
-
   private predicate subtypeStep(Node node1, Node node2) {
     exists(ClassOrInterface cls |
       (
@@ -133,16 +71,6 @@ module UnderlyingTypes {
     )
   }
 
-  bindingset[a, b]
-  private string append(string a, string b) {
-    if b = "default"
-    then result = a
-    else (
-      (if a = "" or b = "" then result = a + b else result = a + "." + b) and
-      result.length() < 100
-    )
-  }
-
   predicate nodeHasUnderlyingType(Node node, string mod, string name) {
     nodeRefersToModule(node, mod, name)
     or