JS: Add parameters of server functions as remote flow sources

Author: asgerf

javascript/ql/lib/semmle/javascript/frameworks/React.qll

@@ -875,3 +875,22 @@ private class ReactPropAsViewComponentInput extends ViewComponentInput {
 
   override string getSourceType() { result = "React props" }
 }
+
+private predicate isServerFunction(DataFlow::FunctionNode func) {
+  exists(Directive::UseServerDirective useServer |
+    useServer.getContainer() = func.getFunction()
+    or
+    useServer.getContainer().(Module).getAnExportedValue(_).getAFunctionValue() = func
+  )
+}
+
+private class ServerFunctionRemoteFlowSource extends RemoteFlowSource {
+  ServerFunctionRemoteFlowSource() {
+    exists(DataFlow::FunctionNode func |
+      isServerFunction(func) and
+      this = func.getAParameter()
+    )
+  }
+
+  override string getSourceType() { result = "React server function parameter" }
+}

javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected

@@ -305,3 +305,7 @@ threatModelSource
 | statePropertyWrites.js:38:24:38:33 | this.props | view-component-input |
 | thisAccesses.js:31:12:31:16 | props | view-component-input |
 | thisAccesses.js:48:18:48:18 | y | view-component-input |
+| use-server1.js:2:5:2:5 | x | remote |
+| use-server1.js:3:5:3:5 | y | remote |
+| use-server2.js:4:5:4:5 | x | remote |
+| use-server2.js:5:5:5:5 | y | remote |

javascript/ql/test/library-tests/frameworks/ReactJS/use-server1.js

@@ -1,6 +1,6 @@
 async function getData(
-    x, // $ MISSING: threatModelSource=remote
-    y) { // $ MISSING: threatModelSource=remote
+    x, // $ threatModelSource=remote
+    y) { // $ threatModelSource=remote
   "use server";
 }
 

javascript/ql/test/library-tests/frameworks/ReactJS/use-server2.js

@@ -1,8 +1,8 @@
 "use server";
 
 export async function getData(
-    x, // $ MISSING: threatModelSource=remote
-    y) { // $ MISSING: threatModelSource=remote
+    x, // $ threatModelSource=remote
+    y) { // $ threatModelSource=remote
 }
 
 async function getData2(