Merge pull request #2338 from esbena/js/model-get-them-args

Approved by max-schaefer

javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll

@@ -39,6 +39,22 @@ module IndirectCommandInjection {
     }
   }
 
+  /**
+   * An object containing parsed command-line arguments, considered as a flow source for command injection.
+   */
+  class ParsedCommandLineArgumentsAsSource extends Source {
+    ParsedCommandLineArgumentsAsSource() {
+      // `require('get-them-args')(...)` => `{ unknown: [], a: ... b: ... }`
+      this = DataFlow::moduleImport("get-them-args").getACall() or
+      // `require('minimist')(...)` => `{ _: [], a: ... b: ... }`
+      this = DataFlow::moduleImport("minimist").getACall() or
+      // `require('yargs').argv` => `{ _: [], a: ... b: ... }`
+      this = DataFlow::moduleMember("yargs", "argv") or
+      // `require('optimist').argv` => `{ _: [], a: ... b: ... }`
+      this = DataFlow::moduleMember("optimist", "argv")
+    }
+  }
+
   /**
    * A command-line argument that effectively is system-controlled, and therefore not likely to be exploitable when used in the execution of another command.
    */