coder-chenzhi
diff --git a/‎javascript/ql/src/semmle/javascript/Extend.qll
Lines changed: 3 additions & 1 deletion b/‎javascript/ql/src/semmle/javascript/Extend.qll
Lines changed: 3 additions & 1 deletion
diff --git a/‎javascript/ql/src/semmle/javascript/JSDoc.qll
Lines changed: 1 addition & 0 deletions b/‎javascript/ql/src/semmle/javascript/JSDoc.qll
Lines changed: 1 addition & 0 deletions
diff --git a/‎javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
Lines changed: 4 additions & 6 deletions b/‎javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
Lines changed: 4 additions & 6 deletions
diff --git a/‎javascript/ql/src/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
Lines changed: 7 additions & 0 deletions b/‎javascript/ql/src/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll
Lines changed: 7 additions & 0 deletions
@@ -47,7 +47,9 @@ private class ExtendCallWithFlag extends ExtendCall {
       name = "node.extend"
     )
     or
-    this = jquery().getAPropertyRead("extend").getACall()
+    // Match $.extend using the source of `$` only, as ExtendCall should not
+    // depend on type tracking.
+    this = JQuery::dollarSource().getAMemberCall("extend")
   }
 
   /**
 
@@ -336,6 +336,7 @@ class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr {
   /**
    * Gets the qualified name of this name by resolving its prefix, if any.
    */
+  cached
   private string resolvedName() {
     exists(string prefix, string suffix, JSDoc::Environment env |
       hasNamePartsAndEnv(prefix, suffix, env) and
 
@@ -631,11 +631,11 @@ private class RouteParamSource extends RemoteFlowSource {
  * AngularJS expose a jQuery-like interface through `angular.html(..)`.
  * The interface may be backed by an actual jQuery implementation.
  */
-private class JQLiteObject extends JQueryObject {
+private class JQLiteObject extends JQuery::ObjectSource::Range {
   JQLiteObject() {
-    this = angular().getAMemberCall("element").asExpr()
+    this = angular().getAMemberCall("element")
     or
-    exists(SimpleParameter param |
+    exists(Parameter param | this = DataFlow::parameterNode(param) |
       // element parameters to user-functions invoked by AngularJS
       param = any(LinkFunction link).getElementParameter()
       or
@@ -652,15 +652,13 @@ private class JQLiteObject extends JQueryObject {
           param = f.getAstNode().(Function).getParameter(i)
         )
       )
-    |
-      this = param.getAnInitialUse()
     )
     or
     exists(ServiceReference element |
       element.getName() = "$rootElement" or
       element.getName() = "$document"
     |
-      this = element.getAnAccess()
+      this = element.getAReference()
     )
   }
 }
 
@@ -34,6 +34,13 @@ abstract class ServiceReference extends TServiceReference {
    */
   abstract string getName();
 
+  /**
+   * Gets a data flow node that may refer to this service.
+   */
+  DataFlow::SourceNode getAReference() {
+    result = DataFlow::parameterNode(any(ServiceRequest request).getDependencyParameter(this))
+  }
+
   /**
    * Gets an access to the referenced service.
    */
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,9 @@ private class ExtendCallWithFlag extends ExtendCall {`
`47`	`47`	`name = "node.extend"`
`48`	`48`	`)`
`49`	`49`	`or`
`50`		`- this = jquery().getAPropertyRead("extend").getACall()`
	`50`	+ // Match $.extend using the source of `$` only, as ExtendCall should not
	`51`	`+ // depend on type tracking.`
	`52`	`+ this = JQuery::dollarSource().getAMemberCall("extend")`
`51`	`53`	`}`
`52`	`54`
`53`	`55`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -631,11 +631,11 @@ private class RouteParamSource extends RemoteFlowSource {`
`631`	`631`	* AngularJS expose a jQuery-like interface through `angular.html(..)`.
`632`	`632`	`* The interface may be backed by an actual jQuery implementation.`
`633`	`633`	`*/`
`634`		`-private class JQLiteObject extends JQueryObject {`
	`634`	`+private class JQLiteObject extends JQuery::ObjectSource::Range {`
`635`	`635`	`JQLiteObject() {`
`636`		`- this = angular().getAMemberCall("element").asExpr()`
	`636`	`+ this = angular().getAMemberCall("element")`
`637`	`637`	`or`
`638`		`- exists(SimpleParameter param \|`
	`638`	`+ exists(Parameter param \| this = DataFlow::parameterNode(param) \|`
`639`	`639`	`// element parameters to user-functions invoked by AngularJS`
`640`	`640`	`param = any(LinkFunction link).getElementParameter()`
`641`	`641`	`or`
`@@ -652,15 +652,13 @@ private class JQLiteObject extends JQueryObject {`
`652`	`652`	`param = f.getAstNode().(Function).getParameter(i)`
`653`	`653`	`)`
`654`	`654`	`)`
`655`		`- \|`
`656`		`- this = param.getAnInitialUse()`
`657`	`655`	`)`
`658`	`656`	`or`
`659`	`657`	`exists(ServiceReference element \|`
`660`	`658`	`element.getName() = "$rootElement" or`
`661`	`659`	`element.getName() = "$document"`
`662`	`660`	`\|`
`663`		`- this = element.getAnAccess()`
	`661`	`+ this = element.getAReference()`
`664`	`662`	`)`
`665`	`663`	`}`
`666`	`664`	`}`