JS: use extensible architecture for Electron- and NodeClientRequest

2026-05-04 05:05:12 +02:00 · 2018-09-03 14:41:19 +02:00
parent 2dd8e95a51
commit 2306afdebf
5 changed files with 57 additions and 11 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
@@ -10,7 +10,7 @@ import javascript
 /**
 * A call that performs a request to a URL.
 */
-class CustomClientRequest extends DataFlow::CallNode {
+class CustomClientRequest extends DataFlow::InvokeNode {

  /**
   * Gets the URL of the request.
@@ -21,7 +21,7 @@ class CustomClientRequest extends DataFlow::CallNode {
 /**
 * A call that performs a request to a URL.
 */
-class ClientRequest extends DataFlow::CallNode {
+class ClientRequest extends DataFlow::InvokeNode {

  CustomClientRequest custom;

--- a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -33,29 +33,51 @@ module Electron {
      this = DataFlow::moduleMember("electron", "BrowserView").getAnInstantiation()
    }
  }
-  
+
  /**
   * A Node.js-style HTTP or HTTPS request made using an Electron module.
   */
-  abstract class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {}
+  abstract class CustomElectronClientRequest extends NodeJSLib::CustomNodeJSClientRequest {}
+
+  /**
+   * A Node.js-style HTTP or HTTPS request made using an Electron module.
+   */
+  class ElectronClientRequest extends NodeJSLib::NodeJSClientRequest {
+
+    ElectronClientRequest() {
+      this instanceof CustomElectronClientRequest
+    }
+
+  }
  
  /**
   * A Node.js-style HTTP or HTTPS request made using `electron.net`, for example `net.request(url)`.
   */
-  private class NetRequest extends ElectronClientRequest {
+  private class NetRequest extends CustomElectronClientRequest {
    NetRequest() {
      this = DataFlow::moduleMember("electron", "net").getAMemberCall("request")
    }
+
+    override DataFlow::Node getUrl() {
+      result = getArgument(0) or
+      result = getOptionArgument(0, "url")
+    }
+
  }
-  
-  
+
  /**
   * A Node.js-style HTTP or HTTPS request made using `electron.client`, for example `new client(url)`.
   */
-  private class NewClientRequest extends ElectronClientRequest {
+  private class NewClientRequest extends CustomElectronClientRequest {
    NewClientRequest() {
      this = DataFlow::moduleMember("electron", "ClientRequest").getAnInstantiation()
    }
+
+    override DataFlow::Node getUrl() {
+      result = getArgument(0) or
+      result = getOptionArgument(0, "url")
+    }
+
  }
  
    
--- a/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
@@ -504,14 +504,25 @@ module NodeJSLib {
  /**
   * A data flow node that is an HTTP or HTTPS client request made by a Node.js application, for example `http.request(url)`.
   */
-  abstract class NodeJSClientRequest extends DataFlow::DefaultSourceNode {
+  abstract class CustomNodeJSClientRequest extends CustomClientRequest {
+
+  }
+
+  /**
+   * A data flow node that is an HTTP or HTTPS client request made by a Node.js application, for example `http.request(url)`.
+   */
+  class NodeJSClientRequest extends ClientRequest {
+
+    NodeJSClientRequest() {
+      this instanceof CustomNodeJSClientRequest
+    }

  }
  
  /**
   * A model of a URL request in the Node.js `http` library.
   */
-  private class NodeHttpUrlRequest extends CustomClientRequest, NodeJSClientRequest {
+  private class NodeHttpUrlRequest extends CustomNodeJSClientRequest {

    DataFlow::Node url;

--- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected
+++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected
@@ -14,3 +14,9 @@
 | tst.js:33:5:33:19 | got.stream(url) | tst.js:33:16:33:18 | url |
 | tst.js:35:5:35:21 | window.fetch(url) | tst.js:35:18:35:20 | url |
 | tst.js:37:5:37:18 | nodeFetch(url) | tst.js:37:15:37:17 | url |
+| tst.js:39:5:39:20 | net.request(url) | tst.js:39:17:39:19 | url |
+| tst.js:41:5:41:29 | net.req ...  url }) | tst.js:41:17:41:28 | { url: url } |
+| tst.js:41:5:41:29 | net.req ...  url }) | tst.js:41:24:41:26 | url |
+| tst.js:43:5:43:26 | new Cli ... st(url) | tst.js:43:23:43:25 | url |
+| tst.js:45:5:45:35 | new Cli ...  url }) | tst.js:45:23:45:34 | { url: url } |
+| tst.js:45:5:45:35 | new Cli ...  url }) | tst.js:45:30:45:32 | url |
--- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
+++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -6,7 +6,7 @@ import express from 'express';
 import axios from 'axios';
 import got from 'got';
 import nodeFetch from 'node-fetch';
-
+import {ClientRequest, net} from 'electron';
 (function() {
    request(url);

@@ -36,4 +36,11 @@ import nodeFetch from 'node-fetch';

    nodeFetch(url);

+    net.request(url);
+
+    net.request({ url: url });
+
+    new ClientRequest(url);
+
+    new ClientRequest({ url: url });
 });