hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

add model for "meow"

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-11-26 15:57:33 +01:00
committed by GitHub
parent c5ac98d2e8
commit 269de49196
3 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
View File

@@ -63,6 +63,9 @@ module IndirectCommandInjection {
or
// `require('command-line-args')({...spec})` => `{a: ..., b: ...}`
this = DataFlow::moduleImport("command-line-args").getACall()
or
// `require('meow')(help, {...spec})` => `{a: ..., b: ....}`
this = DataFlow::moduleImport("meow").getACall()
}
}

16
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection.expected
View File

@@ -165,6 +165,14 @@ nodes
| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:22:108:28 | options |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo |
| command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:22:116:24 | cli |
| command-line-parameter-command-injection.js:116:22:116:30 | cli.input |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] |
edges
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
@@ -310,6 +318,13 @@ edges
| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:22:108:32 | options.foo |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:22:116:30 | cli.input |
| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
#select
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument |
@@ -338,3 +353,4 @@ edges
| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line argument |
| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line argument |
| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line argument |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line argument |

8
javascript/ql/test/query-tests/Security/CWE-078/command-line-parameter-command-injection.js
View File

@@ -106,4 +106,12 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK
const commandLineArgs = require('command-line-args');
const options = commandLineArgs(optionDefinitions);
cp.exec("cmd.sh " + options.foo); // NOT OK
});
(function () {
const meow = require('meow');
const cli = meow(`helpstring`, {flags: {...flags}});
cp.exec("cmd.sh " + cli.input[0]); // NOT OK
});