hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add additional SystemCommandExecutors

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-06-05 14:10:07 +02:00
parent 58285c08dd
commit 299d4c6e93
5 changed files with 135 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
View File

@@ -50,6 +50,23 @@ nodes
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:19:12:19:16 | [cmd] |
| execSeries.js:19:13:19:15 | cmd |
| other.js:5:9:5:49 | cmd |
| other.js:5:15:5:38 | url.par ... , true) |
| other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:25:5:31 | req.url |
| other.js:7:33:7:35 | cmd |
| other.js:8:28:8:30 | cmd |
| other.js:9:32:9:34 | cmd |
| other.js:10:29:10:31 | cmd |
| other.js:11:29:11:31 | cmd |
| other.js:12:27:12:29 | cmd |
| other.js:14:28:14:30 | cmd |
| other.js:15:34:15:36 | cmd |
| other.js:16:21:16:23 | cmd |
| other.js:17:27:17:29 | cmd |
| other.js:18:22:18:24 | cmd |
| other.js:19:36:19:38 | cmd |
edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
@@ -101,6 +118,22 @@ edges
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
#select
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
@@ -115,3 +148,15 @@ edges
| child_process-test.js:51:5:51:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:50:15:50:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:56:3:56:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command depends on $@. | execSeries.js:18:34:18:40 | req.url | a user-provided value |
| other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:10:29:10:31 | cmd | other.js:5:25:5:31 | req.url | other.js:10:29:10:31 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:11:29:11:31 | cmd | other.js:5:25:5:31 | req.url | other.js:11:29:11:31 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:12:27:12:29 | cmd | other.js:5:25:5:31 | req.url | other.js:12:27:12:29 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:14:28:14:30 | cmd | other.js:5:25:5:31 | req.url | other.js:14:28:14:30 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:15:34:15:36 | cmd | other.js:5:25:5:31 | req.url | other.js:15:34:15:36 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:16:21:16:23 | cmd | other.js:5:25:5:31 | req.url | other.js:16:21:16:23 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:17:27:17:29 | cmd | other.js:5:25:5:31 | req.url | other.js:17:27:17:29 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:18:22:18:24 | cmd | other.js:5:25:5:31 | req.url | other.js:18:22:18:24 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
| other.js:19:36:19:38 | cmd | other.js:5:25:5:31 | req.url | other.js:19:36:19:38 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |

34
javascript/ql/test/query-tests/Security/CWE-078/other.js
View File

@@ -1,26 +1,20 @@
var http =require('http'),
url = require('url');
var http = require("http"),
url = require("url");
var server = http.createServer(function(req, res) {
let cmd = url.parse(req.url, true).query.path;
var exec = require('exec');
require("cross-spawn").sync(cmd); // NOT OK
require("execa").shell(cmd); // NOT OK
require("execa").shellSync(cmd); // NOT OK
require("execa").stdout(cmd); // NOT OK
require("execa").stderr(cmd); // NOT OK
require("execa").sync(cmd); // NOT OK
exec('foo'); // OK
require('exec')('foo'); // OK
require('exec-async').someFunction('foo'); // OK
require('spawn-async').someFunction('foo'); // OK
require('shelljs').someFunction('foo'); // OK
require('remote-exec').someFunction('foo'); // OK
require('cross-spawn').someFunction('foo'); // OK
// NB :: we do not identify the following as sinks yet!
exec(cmd); // OK (for now)
require('exec')(cmd); // OK (for now)
require('exec-async').someFunction(cmd); // OK (for now)
require('spawn-async').someFunction(cmd); // OK (for now)
require('shelljs').someFunction(cmd); // OK (for now)
require('remote-exec').someFunction(cmd); // OK (for now)
require('cross-spawn').someFunction(cmd); // OK (for now)
require("cross-spawn")(cmd); // NOT OK
require("cross-spawn-async")(cmd); // NOT OK
require("exec")(cmd); // NOT OK
require("exec-async")(cmd); // NOT OK
require("execa")(cmd); // NOT OK
require("remote-exec")(target, cmd); // NOT OK
});