Add flow config from 'new db()' to 'db.exec()'

2025-12-16 12:03:03 +01:00 · 2023-11-26 14:06:44 -08:00
parent 247b71294a
commit 18b8c9e98c
6 changed files with 196 additions and 25 deletions
--- a/tests/IdentifyFlowSink/IdentifyFlowSink.expected
+++ b/tests/IdentifyFlowSink/IdentifyFlowSink.expected
@@ -0,0 +1,61 @@
+WARNING: Unused predicate uSink (/Users/hohn/local/codeql-javascript-multiflow/solutions/IdentifyFlowSink.ql:16,11-16)
+WARNING: Unused predicate uSource (/Users/hohn/local/codeql-javascript-multiflow/solutions/IdentifyFlowSink.ql:11,11-18)
+WARNING: Unused variable lbl (/Users/hohn/local/codeql-javascript-multiflow/solutions/IdentifyFlowSink.ql:32,70-73)
+WARNING: Unused variable lbl (/Users/hohn/local/codeql-javascript-multiflow/solutions/IdentifyFlowSink.ql:40,68-71)
+nodes
+| add-user.js:16:11:26:10 | db |
+| add-user.js:16:11:26:10 | db |
+| add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) |
+| add-user.js:16:16:26:10 | new sql ...      }) |
+| add-user.js:16:16:26:10 | new sql ...      }) |
+| add-user.js:16:16:26:10 | new sql ...      }) |
+| add-user.js:28:12:28:13 | db |
+| add-user.js:28:12:28:13 | db |
+| add-user.js:28:12:28:13 | db |
+| add-user.js:31:21:31:22 | db |
+| add-user.js:31:21:31:22 | db |
+| add-user.js:31:21:31:22 | db |
+| add-user.js:35:5:35:6 | db |
+| add-user.js:35:5:35:6 | db |
+| add-user.js:35:5:35:6 | db |
+| add-user.js:35:5:35:6 | db |
+| add-user.js:43:9:43:25 | db |
+| add-user.js:43:9:43:25 | db |
+| add-user.js:43:9:43:25 | db |
+| add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:44:16:44:17 | db |
+| add-user.js:44:16:44:17 | db |
+| add-user.js:44:16:44:17 | db |
+edges
+| add-user.js:16:11:26:10 | db | add-user.js:28:12:28:13 | db |
+| add-user.js:16:11:26:10 | db | add-user.js:28:12:28:13 | db |
+| add-user.js:16:11:26:10 | db | add-user.js:28:12:28:13 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:16:11:26:10 | db |
+| add-user.js:28:12:28:13 | db | add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:28:12:28:13 | db | add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:28:12:28:13 | db | add-user.js:43:14:43:25 | connect_db() |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:31:21:31:22 | db | add-user.js:35:5:35:6 | db |
+| add-user.js:43:9:43:25 | db | add-user.js:44:16:44:17 | db |
+| add-user.js:43:9:43:25 | db | add-user.js:44:16:44:17 | db |
+| add-user.js:43:9:43:25 | db | add-user.js:44:16:44:17 | db |
+| add-user.js:43:14:43:25 | connect_db() | add-user.js:43:9:43:25 | db |
+| add-user.js:43:14:43:25 | connect_db() | add-user.js:43:9:43:25 | db |
+| add-user.js:43:14:43:25 | connect_db() | add-user.js:43:9:43:25 | db |
+| add-user.js:44:16:44:17 | db | add-user.js:31:21:31:22 | db |
+| add-user.js:44:16:44:17 | db | add-user.js:31:21:31:22 | db |
+| add-user.js:44:16:44:17 | db | add-user.js:31:21:31:22 | db |
+#select
+| add-user.js:35:5:35:6 | db | add-user.js:16:16:26:10 | new sql ...      }) | add-user.js:35:5:35:6 | db | Database originating $@ | add-user.js:16:16:26:10 | new sql ...      }) | here |
--- a/tests/IdentifyFlowSink/IdentifyFlowSink.qlref
+++ b/tests/IdentifyFlowSink/IdentifyFlowSink.qlref
@@ -0,0 +1 @@
+IdentifyFlowSink.ql
--- a/tests/IdentifyFlowSink/add-user.js
+++ b/tests/IdentifyFlowSink/add-user.js
@@ -0,0 +1,47 @@
+function get_user_info() {
+    var fs = require("fs");
+    var stdinBuffer = fs.readFileSync(process.stdin.fd);
+    var line = stdinBuffer.toString();
+    console.log(line);
+    line = line.replace(/(\r\n|\n|\r)/gm, "");
+    return line
+}
+
+function get_new_id() {
+    return Math.floor(Math.random() * 12345);
+}
+
+function connect_db() {
+    const sqlite3 = require('sqlite3').verbose();
+    const db = new sqlite3.Database(
+        'users.sqlite',
+        sqlite3.OPEN_READWRITE | sqlite3.OPEN_FULLMUTEX, 
+        err => {
+            if (err){
+                console.log(err);
+                throw err;
+            } else {
+                console.log('DB opened');
+            }
+        });
+
+    return db;
+}
+
+function write_info(db, id, info) {
+    db.serialize();
+    const query = `INSERT INTO users VALUES (${id}, "${info}")`;
+    console.log(query);
+    db.exec(query);
+    db.close();
+}
+
+let add_user = () => {
+    console.log("Running add-user");
+    var info = get_user_info();
+    var id = get_new_id();
+    var db = connect_db();
+    write_info(db, id, info);
+}
+
+add_user()