update pg :)

2026-04-27 01:35:13 +02:00 · 2023-10-10 11:42:32 +02:00
parent 18edef6ea4
commit 242f7e1c53
4 changed files with 31 additions and 2 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
@@ -104,7 +104,7 @@ private module Postgres {
  API::Node clientOrPool() { result = API::Node::ofType("pg", ["Client", "PoolClient", "Pool"]) }

  /** A call to the Postgres `query` method. */
-  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
+  private class QueryCall extends DatabaseAccess, API::CallNode {
    QueryCall() { this = clientOrPool().getMember(["execute", "query"]).getACall() }

    override DataFlow::Node getAResult() {
@@ -117,15 +117,22 @@ private module Postgres {
      PromiseFlow::loadStep(this.getALocalUse(), result, Promises::valueProp())
    }

-    override DataFlow::Node getAQueryArgument() { result = this.getArgument(0) }
+    override DataFlow::Node getAQueryArgument() {
+      result = this.getArgument(0) or result = this.getParameter(0).getMember("text").asSink()
+    }
  }

+  /** Gets a Postgres Query member. */
+  API::Node query() { result = API::moduleImport("pg").getMember("Query") }
+
  /** An expression that is passed to the `query` method and hence interpreted as SQL. */
  class QueryString extends SQL::SqlString {
    QueryString() {
      this = any(QueryCall qc).getAQueryArgument()
      or
      this = API::moduleImport("pg-cursor").getParameter(0).asSink()
+      or
+      this = query().getParameter(0).asSink()
    }
  }

--- a/javascript/ql/test/library-tests/frameworks/SQL/Credentials.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/Credentials.expected
@@ -20,6 +20,7 @@
 | postgres2.js:12:13:12:20 | 'secret' | password |
 | postgres4.js:4:9:4:16 | 'dbuser' | user name |
 | postgres4.js:7:13:7:28 | 'secretpassword' | password |
+| postgres6.js:8:11:8:20 | 'postgres' | user name |
 | sequelize2.js:4:45:9:1 | {\\n  dia ... word'\\n} | user name |
 | sequelize2.js:7:13:7:22 | 'username' | user name |
 | sequelize2.js:8:13:8:22 | 'password' | password |
--- a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -38,6 +38,9 @@
 | postgres2.js:46:26:46:46 | 'SELECT ...  users' |
 | postgres3.js:15:16:15:40 | 'SELECT ... s name' |
 | postgres5.js:8:21:8:25 | query |
+| postgres6.js:13:11:13:44 | 'SELECT ... E id=6' |
+| postgres6.js:16:20:16:27 | queryObj |
+| postgres6.js:18:11:18:44 | 'SELECT ... E id=7' |
 | postgres-types.ts:4:18:4:29 | 'SELECT 123' |
 | postgresImport.js:4:18:4:43 | 'SELECT ... number' |
 | sequelize2.js:10:17:10:118 | 'SELECT ... Y name' |
--- a/javascript/ql/test/library-tests/frameworks/SQL/postgres6.js
+++ b/javascript/ql/test/library-tests/frameworks/SQL/postgres6.js
@@ -0,0 +1,18 @@
+import pkg from 'pg';
+
+const { Query, Client } = pkg;
+const client = new Client({
+    host: '127.0.0.1',
+    port: 5432,
+    database: 'testsqli',
+    user: 'postgres'
+})
+
+const queryObj = {
+    name: 'get-name',
+    text: 'SELECT * FROM  "user" WHERE id=6'
+}
+
+await client.query(queryObj) // Already Implemented
+
+new Query('SELECT * FROM  "user" WHERE id=7')