hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port SecondOrderCommandInjection

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:22:40 +02:00
parent 4af7694309
commit 06835a800c
4 changed files with 93 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
View File

@@ -14,11 +14,14 @@
*/
import javascript
import DataFlow::PathGraph
import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery
import DataFlow::DeduplicatePathGraph<SecondOrderCommandInjectionFlow::PathNode, SecondOrderCommandInjectionFlow::PathGraph>
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
from PathNode source, PathNode sink, Sink sinkNode
where
SecondOrderCommandInjectionFlow::flowPath(source.getAnOriginalPathNode(),
sink.getAnOriginalPathNode()) and
sinkNode = sink.getNode()
select sink.getNode(), source, sink,
"Command line argument that depends on $@ can execute an arbitrary command if " +
sinkNode.getVulnerableArgumentExample() + " is used with " + sinkNode.getCommand() + ".",