hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add sink model for mkdirp and update tests for path injection alerts.

Browse Source
This commit is contained in:
Napalys
2025-04-02 16:29:18 +02:00
parent 533f1a93e2
commit 3fa24d6026
3 changed files with 42 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/lib/ext/mkdirp.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync].Argument[0]", "path-injection"]

27
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -54,6 +54,15 @@
| hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value |
| mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:13:23:13:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:13:23:13:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:14:19:14:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:14:19:14:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:15:19:15:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:15:19:15:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:16:23:16:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:16:23:16:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:17:25:17:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:17:25:17:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:18:25:18:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:18:25:18:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:19:29:19:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:19:29:19:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:20:29:20:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:20:29:20:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| mkdirp.js:21:23:21:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:21:23:21:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value |
| more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
| more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
| more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
@@ -394,6 +403,15 @@ edges
| hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:13:23:13:29 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:14:19:14:25 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:15:19:15:25 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:16:23:16:29 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:17:25:17:31 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:18:25:18:31 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:19:29:19:35 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:20:29:20:35 | dirPath | provenance | |
| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:21:23:21:29 | dirPath | provenance | |
| mkdirp.js:9:21:9:76 | path.jo ... ltDir') | mkdirp.js:9:11:9:76 | dirPath | provenance | |
| mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:9:42:9:75 | req.que ... ultDir' | provenance | |
| mkdirp.js:9:42:9:75 | req.que ... ultDir' | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | provenance | Config |
@@ -932,6 +950,15 @@ nodes
| mkdirp.js:9:42:9:75 | req.que ... ultDir' | semmle.label | req.que ... ultDir' |
| mkdirp.js:11:12:11:18 | dirPath | semmle.label | dirPath |
| mkdirp.js:12:17:12:23 | dirPath | semmle.label | dirPath |
| mkdirp.js:13:23:13:29 | dirPath | semmle.label | dirPath |
| mkdirp.js:14:19:14:25 | dirPath | semmle.label | dirPath |
| mkdirp.js:15:19:15:25 | dirPath | semmle.label | dirPath |
| mkdirp.js:16:23:16:29 | dirPath | semmle.label | dirPath |
| mkdirp.js:17:25:17:31 | dirPath | semmle.label | dirPath |
| mkdirp.js:18:25:18:31 | dirPath | semmle.label | dirPath |
| mkdirp.js:19:29:19:35 | dirPath | semmle.label | dirPath |
| mkdirp.js:20:29:20:35 | dirPath | semmle.label | dirPath |
| mkdirp.js:21:23:21:29 | dirPath | semmle.label | dirPath |
| more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } |
| more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename |
| more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename |

18
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js
View File

@@ -10,13 +10,13 @@ app.post('/foo', async (req, res) => {
mkdirp(dirPath); // $ Alert
mkdirp.sync(dirPath); // $ Alert
mkdirp.nativeSync(dirPath); // $ MISSING: Alert
mkdirp.native(dirPath); // $ MISSING: Alert
mkdirp.manual(dirPath); // $ MISSING: Alert
mkdirp.manualSync(dirPath); // $ MISSING: Alert
mkdirp.mkdirpNative(dirPath); // $ MISSING: Alert
mkdirp.mkdirpManual(dirPath); // $ MISSING: Alert
mkdirp.mkdirpManualSync(dirPath); // $ MISSING: Alert
mkdirp.mkdirpNativeSync(dirPath); // $ MISSING: Alert
mkdirp.mkdirpSync(dirPath); // $ MISSING: Alert
mkdirp.nativeSync(dirPath); // $ Alert
mkdirp.native(dirPath); // $ Alert
mkdirp.manual(dirPath); // $ Alert
mkdirp.manualSync(dirPath); // $ Alert
mkdirp.mkdirpNative(dirPath); // $ Alert
mkdirp.mkdirpManual(dirPath); // $ Alert
mkdirp.mkdirpManualSync(dirPath); // $ Alert
mkdirp.mkdirpNativeSync(dirPath); // $ Alert
mkdirp.mkdirpSync(dirPath); // $ Alert
});