hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

change commandExecution sink to CodeInjection sink

Browse Source
This commit is contained in:
amammad
2023-09-22 19:37:17 +10:00
parent 06114d91d8
commit 344869f0d7
4 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
View File

@@ -6,6 +6,7 @@ import javascript
import semmle.javascript.frameworks.HTTP
import semmle.javascript.security.SensitiveActions
private import semmle.javascript.dataflow.internal.PreCallGraphStep
private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
module NodeJSLib {
private GlobalVariable processVariable() { variables(result, "process", any(GlobalScope sc)) }
@@ -763,16 +764,8 @@ module NodeJSLib {
/**
* The dynamic import expression input can be a `data:` URL which loads any module from that data
*/
class DynamicImport extends SystemCommandExecution, DataFlow::ExprNode {
class DynamicImport extends CodeInjection::Sink, DataFlow::ExprNode {
DynamicImport() { this = any(DynamicImportExpr e).getAChildExpr().flow() }
override DataFlow::Node getACommandArgument() { result = this }
override predicate isShellInterpreted(DataFlow::Node arg) { arg = this }
override predicate isSync() { none() }
override DataFlow::Node getOptionsArg() { none() }
}
/**

4
javascript/ql/test/library-tests/frameworks/NodeJSLib/CodeInjectionSink.qll Normal file
View File

@@ -0,0 +1,4 @@
import javascript
private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
query predicate test_CodeInjectionSink(CodeInjection::Sink cmd, DataFlow::Node res) { res = cmd }

3
javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
View File

@@ -230,7 +230,6 @@ test_SystemCommandExecution
| exec.js:5:1:5:23 | cp.fork ... "arg"]) | exec.js:5:9:5:13 | "foo" |
| exec.js:6:1:6:28 | cp.spaw ... "], cb) | exec.js:6:10:6:15 | "echo" |
| exec.js:7:1:7:37 | cp.spaw ... here"]) | exec.js:7:14:7:19 | "echo" |
| exec.js:10:14:10:58 | 'data:t ... lo!");' | exec.js:10:14:10:58 | 'data:t ... lo!");' |
test_HeaderDefinition_defines
| src/http.js:13:3:13:44 | res.set ... /html') | content-type | text/html |
| src/https.js:13:3:13:44 | res.set ... /html') | content-type | text/html |
@@ -418,3 +417,5 @@ test_SystemCommandExecution_getAnArgumentForCommand
| exec.js:5:1:5:23 | cp.fork ... "arg"]) | exec.js:5:16:5:22 | ["arg"] |
| exec.js:6:1:6:28 | cp.spaw ... "], cb) | exec.js:6:18:6:23 | ["Hi"] |
| exec.js:7:1:7:37 | cp.spaw ... here"]) | exec.js:7:22:7:36 | ["Hi", "there"] |
test_CodeInjectionSink
| exec.js:10:14:10:58 | 'data:t ... lo!");' | exec.js:10:14:10:58 | 'data:t ... lo!");' |

1
javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.ql
View File

@@ -22,3 +22,4 @@ import RequestExpr
import SystemCommandExecution_getAnArgumentForCommand
import Credentials
import RouteHandler_getARequestExpr
import CodeInjectionSink