JavaScript: Reduce complexity of SystemCommandExecutors charpred.

2026-04-29 02:35:15 +02:00 · 2020-08-26 15:25:31 +01:00
parent e3a9906071
commit 500f7bd8fa
1 changed files with 65 additions and 65 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/SystemCommandExecutors.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/SystemCommandExecutors.qll
@@ -6,6 +6,56 @@
 import javascript
 private import ApiGraphs

+private predicate execApi(string mod, string fn, int cmdArg, int optionsArg, boolean shell) {
+  mod = "cross-spawn" and
+  fn = "sync" and
+  cmdArg = 0 and
+  shell = false and
+  optionsArg = -1
+  or
+  mod = "execa" and
+  optionsArg = -1 and
+  (
+    shell = false and
+    (
+      fn = "node" or
+      fn = "shell" or
+      fn = "shellSync" or
+      fn = "stdout" or
+      fn = "stderr" or
+      fn = "sync"
+    )
+    or
+    shell = true and
+    (fn = "command" or fn = "commandSync")
+  ) and
+  cmdArg = 0
+}
+
+private predicate execApi(string mod, int cmdArg, int optionsArg, boolean shell) {
+  shell = false and
+  (
+    mod = "cross-spawn" and cmdArg = 0 and optionsArg = -1
+    or
+    mod = "cross-spawn-async" and cmdArg = 0 and optionsArg = -1
+    or
+    mod = "exec-async" and cmdArg = 0 and optionsArg = -1
+    or
+    mod = "execa" and cmdArg = 0 and optionsArg = -1
+  )
+  or
+  shell = true and
+  (
+    mod = "exec" and
+    optionsArg = -2 and
+    cmdArg = 0
+    or
+    mod = "remote-exec" and
+    cmdArg = 1 and
+    optionsArg = -1
+  )
+}
+
 private class SystemCommandExecutors extends SystemCommandExecution, DataFlow::InvokeNode {
  int cmdArg;
  int optionsArg; // either a positive number representing the n'th argument, or a negative number representing the n'th last argument (e.g. -2 is the second last argument).
@@ -14,70 +64,20 @@ private class SystemCommandExecutors extends SystemCommandExecution, DataFlow::I

  SystemCommandExecutors() {
    exists(string mod, API::Feature callee |
-      exists(string method |
-        mod = "cross-spawn" and
-        method = "sync" and
-        cmdArg = 0 and
-        shell = false and
-        optionsArg = -1
-        or
-        mod = "execa" and
-        optionsArg = -1 and
-        (
-          shell = false and
-          (
-            method = "shell" or
-            method = "shellSync" or
-            method = "stdout" or
-            method = "stderr" or
-            method = "sync"
-          )
-          or
-          shell = true and
-          (method = "command" or method = "commandSync")
-        ) and
-        cmdArg = 0
-        or
-        mod = "execa" and
-        method = "node" and
-        cmdArg = 0 and
-        optionsArg = 1 and
-        shell = false
-      |
-        callee = API::moduleImport(mod).getMember(method) and
-        sync = getSync(method)
+      exists(string fn |
+        execApi(mod, fn, cmdArg, optionsArg, shell) and
+        sync = getSync(fn) and
+        callee = API::moduleImport(mod).getMember(fn)
      )
      or
+      execApi(mod, cmdArg, optionsArg, shell) and
      sync = false and
-      (
-        shell = false and
-        (
-          mod = "cross-spawn" and cmdArg = 0 and optionsArg = -1
-          or
-          mod = "cross-spawn-async" and cmdArg = 0 and optionsArg = -1
-          or
-          mod = "exec-async" and cmdArg = 0 and optionsArg = -1
-          or
-          mod = "execa" and cmdArg = 0 and optionsArg = -1
-        )
-        or
-        shell = true and
-        (
-          mod = "exec" and
-          optionsArg = -2 and
-          cmdArg = 0
-          or
-          mod = "remote-exec" and
-          cmdArg = 1 and
-          optionsArg = -1
-        )
-      ) and
      callee = API::moduleImport(mod)
    |
      this = callee.getReturn().getAUse()
    )
    or
-    this = DataFlow::moduleImport("foreground-child").getACall() and
+    this = API::moduleImport("foreground-child").getReturn().getAUse() and
    cmdArg = 0 and
    optionsArg = 1 and
    shell = false and
@@ -121,19 +121,19 @@ private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::In
  int cmdArg;

  RemoteCommandExecutor() {
-    this = DataFlow::moduleImport("remote-exec").getACall() and
+    this = API::moduleImport("remote-exec").getReturn().getAUse() and
    cmdArg = 1
    or
-    exists(DataFlow::SourceNode ssh2, DataFlow::SourceNode client |
-      ssh2 = DataFlow::moduleImport("ssh2") and
-      (client = ssh2 or client = ssh2.getAPropertyRead("Client")) and
-      this = client.getAnInstantiation().getAMethodCall("exec") and
+    exists(API::Feature ssh2, API::Feature client |
+      ssh2 = API::moduleImport("ssh2") and
+      client in [ssh2, ssh2.getMember("Client")] and
+      this = client.getInstance().getMember("exec").getReturn().getAUse() and
      cmdArg = 0
    )
    or
-    exists(DataFlow::SourceNode ssh2stream |
-      ssh2stream = DataFlow::moduleMember("ssh2-streams", "SSH2Stream") and
-      this = ssh2stream.getAnInstantiation().getAMethodCall("exec") and
+    exists(API::Feature ssh2stream |
+      ssh2stream = API::moduleImport("ssh2-streams").getMember("SSH2Stream") and
+      this = ssh2stream.getInstance().getMember("exec").getReturn().getAUse() and
      cmdArg = 1
    )
  }
@@ -148,7 +148,7 @@ private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::In
 }

 private class Opener extends SystemCommandExecution, DataFlow::InvokeNode {
-  Opener() { this = DataFlow::moduleImport("opener").getACall() }
+  Opener() { this = API::moduleImport("opener").getReturn().getAUse() }

  override DataFlow::Node getACommandArgument() { result = getOptionArgument(1, "command") }