added inline tests, move to experimental dir

2026-04-29 02:35:15 +02:00 · 2023-12-05 18:59:46 +01:00
parent 2c4d2d3069
commit 1547cd0546
10 changed files with 140 additions and 236 deletions
--- a/javascript/ql/test/experimental/Execa/PathInjection/tests.expected
+++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.expected
@@ -0,0 +1,6 @@
+passingPositiveTests
+| PASSED | PathInjection | tests.js:9:43:9:64 | // test ... jection |
+| PASSED | PathInjection | tests.js:12:50:12:71 | // test ... jection |
+| PASSED | PathInjection | tests.js:15:61:15:82 | // test ... jection |
+| PASSED | PathInjection | tests.js:18:73:18:94 | // test ... jection |
+failingPositiveTests
--- a/javascript/ql/test/experimental/Execa/PathInjection/tests.js
+++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.js
@@ -0,0 +1,19 @@
+import { execa, $ } from 'execa';
+import http from 'node:http'
+import url from 'url'
+
+http.createServer(async function (req, res) {
+    let filePath = url.parse(req.url, true).query["filePath"][0];
+
+    // Piping to stdin from a file
+    await $({ inputFile: filePath })`cat` // test: PathInjection
+
+    // Piping to stdin from a file
+    await execa('cat', { inputFile: filePath }); // test: PathInjection
+
+    // Piping Stdout to file
+    await execa('echo', ['example3']).pipeStdout(filePath); // test: PathInjection
+
+    // Piping all of command output to file
+    await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // test: PathInjection
+});
--- a/javascript/ql/test/experimental/Execa/PathInjection/tests.ql
+++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.ql
@@ -0,0 +1,34 @@
+import javascript
+
+class InlineTest extends LineComment {
+  string tests;
+
+  InlineTest() { tests = this.getText().regexpCapture("\\s*test:(.*)", 1) }
+
+  string getPositiveTest() {
+    result = tests.trim().splitAt(",").trim() and not result.matches("!%")
+  }
+
+  predicate hasPositiveTest(string test) { test = this.getPositiveTest() }
+
+  predicate inNode(DataFlow::Node n) {
+    this.getLocation().getFile() = n.getFile() and
+    this.getLocation().getStartLine() = n.getStartLine()
+  }
+}
+
+import experimental.semmle.javascript.Execa
+
+query predicate passingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "PASSED" and
+  t.hasPositiveTest(expectation) and
+  expectation = "PathInjection" and
+  exists(FileSystemReadAccess n | t.inNode(n.getAPathArgument()))
+}
+
+query predicate failingPositiveTests(string res, string expectation, InlineTest t) {
+  res = "FAILED" and
+  t.hasPositiveTest(expectation) and
+  expectation = "PathInjection" and
+  not exists(FileSystemReadAccess n | t.inNode(n.getAPathArgument()))
+}