add model for puppeteer

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

@@ -2168,6 +2168,24 @@ nodes
 | other-fs-libraries.js:42:53:42:56 | path |
 | other-fs-libraries.js:42:53:42:56 | path |
 | other-fs-libraries.js:42:53:42:56 | path |
+| pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name |
+| pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:13:37:13:43 | tainted |
 | tainted-access-paths.js:6:7:6:48 | path |
 | tainted-access-paths.js:6:7:6:48 | path |
 | tainted-access-paths.js:6:7:6:48 | path |
@@ -6403,6 +6421,27 @@ edges
 | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) |
 | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) |
 | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" | pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" | pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:19:5:71 | "dir/"  ... t.data" | pupeteer.js:5:9:5:71 | tainted |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
+| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/"  ... t.data" |
 | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path |
 | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path |
 | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path |
@@ -8007,6 +8046,8 @@ edges
 | other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
 | other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
 | other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on $@. | other-fs-libraries.js:38:24:38:30 | req.url | a user-provided value |
+| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |
+| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |
 | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
 | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
 | tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js

@@ -0,0 +1,18 @@
+const puppeteer = require('puppeteer');
+const parseTorrent = require('parse-torrent');
+
+(async () => {
+    let tainted = "dir/" + parseTorrent(torrent).name + ".torrent.data";
+
+    const browser = await puppeteer.launch();
+    const page = await browser.newPage();
+    await page.pdf({ path: tainted, format: 'a4' });
+
+    const pages = await browser.pages();
+    for (let i = 0; i < something(); i++) {
+        pages[i].screenshot({ path: tainted });
+    }
+
+    await browser.close();
+})();
+