JS: Mark type-annotated nodes as SourceNode

Author: asgerf

javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll

@@ -229,10 +229,7 @@ module DataFlow {
     predicate hasUnderlyingType(string globalName) {
       Stages::TypeTracking::ref() and
       exists(NameResolution::Node type |
-        TypeResolution::valueHasType(this.getNameResolutionNode(), type)
-        or
-        TypeResolution::contextualType(this.getNameResolutionNode(), type)
-      |
+        TypeResolution::valueHasType(this.getNameResolutionNode(), type) and
         UnderlyingTypes::nodeHasUnderlyingType(type, globalName)
       )
     }
@@ -246,12 +243,7 @@ module DataFlow {
       Stages::TypeTracking::ref() and
       moduleName != "global" and
       exists(NameResolution::Node type |
-        TypeResolution::valueHasType(this.getNameResolutionNode(), type)
-        or
-        // Also check contextual type as this helps when tracking facts between SourceNode only.
-        // For example, for `var x: T = getFoo()` we need `getFoo()` to have the type T.
-        TypeResolution::contextualType(this.getNameResolutionNode(), type)
-      |
+        TypeResolution::valueHasType(this.getNameResolutionNode(), type) and
         UnderlyingTypes::nodeHasUnderlyingType(type, moduleName, typeName)
       )
     }

javascript/ql/lib/semmle/javascript/dataflow/Sources.qll

@@ -333,7 +333,13 @@ module SourceNode {
         astNode instanceof TaggedTemplateExpr or
         astNode instanceof Templating::PipeRefExpr or
         astNode instanceof Templating::TemplateVarRefExpr or
-        astNode instanceof StringLiteral
+        astNode instanceof StringLiteral or
+        astNode instanceof TypeAssertion
+      )
+      or
+      exists(VariableDeclarator decl |
+        exists(decl.getTypeAnnotation()) and
+        this = DataFlow::valueNode(decl.getBindingPattern())
       )
       or
       DataFlow::parameterNode(this, _)

javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll

@@ -233,6 +233,8 @@ module TypeResolution {
   predicate valueHasType(Node value, Node type) {
     value.(BindingPattern).getTypeAnnotation() = type
     or
+    value.(TypeAssertion).getTypeAnnotation() = type
+    or
     exists(VarDecl decl |
       // ValueFlow::step is restricted to variables with at most one assignment. Allow the type annotation
       // of a variable to propagate to its uses, even if the variable has multiple assignments.

javascript/ql/test/library-tests/UnderlyingTypes/test.expected

@@ -48,3 +48,4 @@
 | subtype.ts:7:13:7:15 | req | 'express'.Request |
 | subtype.ts:13:13:13:15 | req | 'express'.Request |
 | subtype.ts:19:13:19:15 | req | 'express'.Request |
+| varAssignment.ts:4:9:4:11 | req | 'express'.Request |

javascript/ql/test/library-tests/UnderlyingTypes/varAssignment.ts

@@ -1,5 +1,5 @@
 import * as express from 'express';
 
 function t1(e) {
-    var req: express.Request = e; // $ MISSING: hasUnderlyingType='express'.Request
+    var req: express.Request = e; // $ hasUnderlyingType='express'.Request
 }