Refine locations in the CDS file

lcartey · lcartey · commit 489e23c2724d · 2024-11-14T16:25:51.000Z
- Exclude objects without a $locations property
 - Use the known name to deduce the end column
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDL.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDL.qll
@@ -5,23 +5,7 @@
 import javascript
 import advanced_security.javascript.frameworks.cap.CDS
 
-abstract class CdlObject extends JsonObject {
-  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    exists(Location loc, JsonValue locValue |
-      loc = this.getLocation() and
-      locValue = this.getPropValue("$location") and
-      path =
-        any(File f |
-          f.getAbsolutePath()
-              .matches("%" + locValue.getPropValue("file").getStringValue() + ".json")
-        ).getAbsolutePath().regexpReplaceAll("\\.json$", "") and
-      sl = locValue.getPropValue("line").getIntValue() and
-      sc = locValue.getPropValue("col").getIntValue() and
-      el = sl + 1 and
-      ec = 1
-    )
-  }
-}
+abstract class CdlObject extends JsonObject { }
 
 private newtype CdlKind =
   CdlServiceKind(string value) { value = "service" } or
@@ -47,6 +31,29 @@ abstract class CdlElement extends CdlObject {
 
   CdlElement() { exists(CdlDefinition definition | this = definition.getElement(name)) }
 
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    // If the cds.json file has a $location property, then use that,
+    // otherwise fall back to the cds.json file itself
+    if exists(this.getPropValue("$location"))
+    then
+      exists(Location loc, JsonValue locValue |
+        loc = this.getLocation() and
+        locValue = this.getPropValue("$location") and
+        path =
+          any(File f |
+            f.getAbsolutePath()
+                .matches("%" + locValue.getPropValue("file").getStringValue() + ".json")
+          ).getAbsolutePath().regexpReplaceAll("\\.json$", "") and
+        sl = locValue.getPropValue("line").getIntValue() and
+        sc = locValue.getPropValue("col").getIntValue() and
+        el = sl and
+        // Currently $locations does not provide an end location. However, we can
+        // automatically deduce the end location from the length of the name.
+        ec = sc + getUnqualifiedName().length() - 1
+      )
+    else super.getLocation().hasLocationInfo(path, sl, sc, el, ec)
+  }
+
   /**
    * Gets the name of this CDL element.
    */
