do review improvements

2026-05-05 13:45:19 +02:00 · 2023-10-06 16:07:10 +02:00
parent 2c74dc23c9
commit 7d961e1af2
6 changed files with 616 additions and 81 deletions
--- a/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql
+++ b/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql
@@ -1,12 +0,0 @@
-import javascript
-
-query predicate test_FileSystemAccess(FileSystemAccess access) { any() }
-
-query predicate test_MissingFileSystemAccess(VarAccess var) {
-  var.getName().matches("file%") and
-  not exists(FileSystemAccess access | access.getAPathArgument().asExpr() = var)
-}
-
-query predicate test_SystemCommandExecution(SystemCommandExecution exec) { any() }
-
-query predicate test_FileNameSource(FileNameSource exec) { any() }
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -1535,6 +1535,159 @@ nodes
 | TaintedPath.js:214:35:214:38 | path |
 | TaintedPath.js:214:35:214:38 | path |
 | TaintedPath.js:214:35:214:38 | path |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:30:6:36 | req.url |
+| execa.js:6:30:6:36 | req.url |
+| execa.js:6:30:6:36 | req.url |
+| execa.js:6:30:6:36 | req.url |
+| execa.js:6:30:6:36 | req.url |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:9:26:9:33 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:12:37:12:44 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:15:50:15:57 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
+| execa.js:18:62:18:69 | filePath |
 | express.js:8:20:8:32 | req.query.bar |
 | express.js:8:20:8:32 | req.query.bar |
 | express.js:8:20:8:32 | req.query.bar |
@@ -6635,6 +6788,230 @@ edges
 | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) |
 | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) |
 | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
+| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) |
 | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar |
 | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath |
 | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath |
@@ -10345,6 +10722,10 @@ edges
 | TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
 | TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
 | TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
+| execa.js:9:26:9:33 | filePath | execa.js:6:30:6:36 | req.url | execa.js:9:26:9:33 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value |
+| execa.js:12:37:12:44 | filePath | execa.js:6:30:6:36 | req.url | execa.js:12:37:12:44 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value |
+| execa.js:15:50:15:57 | filePath | execa.js:6:30:6:36 | req.url | execa.js:15:50:15:57 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value |
+| execa.js:18:62:18:69 | filePath | execa.js:6:30:6:36 | req.url | execa.js:18:62:18:69 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value |
 | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
 | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |
 | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js
@@ -0,0 +1,19 @@
+import { execa, $ } from 'execa';
+import http from 'node:http'
+import url from 'url'
+
+http.createServer(async function (req, res) {
+    let filePath = url.parse(req.url, true).query["filePath"][0];
+
+    // Piping to stdin from a file
+    await $({ inputFile: filePath })`cat`  // NOT OK
+
+    // Piping to stdin from a file
+    await execa('cat', { inputFile: filePath }); // NOT OK
+
+    // Piping Stdout to file
+    await execa('echo', ['example3']).pipeStdout(filePath); // NOT OK
+
+    // Piping all of command output to file
+    await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // NOT OK
+});
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
@@ -103,6 +103,55 @@ nodes
 | execSeries.js:18:34:18:40 | req.url |
 | execSeries.js:19:12:19:16 | [cmd] |
 | execSeries.js:19:13:19:15 | cmd |
+| execa.js:6:9:6:54 | cmd |
+| execa.js:6:15:6:38 | url.par ... , true) |
+| execa.js:6:15:6:44 | url.par ... ).query |
+| execa.js:6:15:6:51 | url.par ... ["cmd"] |
+| execa.js:6:15:6:54 | url.par ... md"][0] |
+| execa.js:6:25:6:31 | req.url |
+| execa.js:6:25:6:31 | req.url |
+| execa.js:7:9:7:51 | arg |
+| execa.js:7:15:7:38 | url.par ... , true) |
+| execa.js:7:15:7:44 | url.par ... ).query |
+| execa.js:7:15:7:51 | url.par ... ["arg"] |
+| execa.js:7:25:7:31 | req.url |
+| execa.js:7:25:7:31 | req.url |
+| execa.js:9:15:9:17 | cmd |
+| execa.js:9:15:9:17 | cmd |
+| execa.js:10:14:10:16 | cmd |
+| execa.js:10:14:10:16 | cmd |
+| execa.js:11:32:11:34 | cmd |
+| execa.js:11:32:11:34 | cmd |
+| execa.js:12:33:12:35 | cmd |
+| execa.js:12:33:12:35 | cmd |
+| execa.js:14:17:14:19 | cmd |
+| execa.js:14:17:14:19 | cmd |
+| execa.js:15:17:15:19 | cmd |
+| execa.js:15:17:15:19 | cmd |
+| execa.js:16:17:16:19 | cmd |
+| execa.js:16:17:16:19 | cmd |
+| execa.js:17:17:17:19 | cmd |
+| execa.js:17:17:17:19 | cmd |
+| execa.js:18:15:18:17 | cmd |
+| execa.js:18:15:18:17 | cmd |
+| execa.js:19:15:19:17 | cmd |
+| execa.js:19:15:19:17 | cmd |
+| execa.js:21:24:21:26 | cmd |
+| execa.js:21:24:21:32 | cmd + arg |
+| execa.js:21:24:21:32 | cmd + arg |
+| execa.js:21:30:21:32 | arg |
+| execa.js:22:22:22:24 | cmd |
+| execa.js:22:22:22:30 | cmd + arg |
+| execa.js:22:22:22:30 | cmd + arg |
+| execa.js:22:28:22:30 | arg |
+| execa.js:23:24:23:26 | cmd |
+| execa.js:23:24:23:32 | cmd + arg |
+| execa.js:23:24:23:32 | cmd + arg |
+| execa.js:23:30:23:32 | arg |
+| execa.js:24:22:24:24 | cmd |
+| execa.js:24:22:24:30 | cmd + arg |
+| execa.js:24:22:24:30 | cmd + arg |
+| execa.js:24:28:24:30 | arg |
 | form-parsers.js:9:8:9:39 | "touch  ... nalname |
 | form-parsers.js:9:8:9:39 | "touch  ... nalname |
 | form-parsers.js:9:19:9:26 | req.file |
@@ -286,6 +335,61 @@ edges
 | execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
 | execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
 | execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
+| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:21:24:21:26 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:22:22:22:24 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:23:24:23:26 | cmd |
+| execa.js:6:9:6:54 | cmd | execa.js:24:22:24:24 | cmd |
+| execa.js:6:15:6:38 | url.par ... , true) | execa.js:6:15:6:44 | url.par ... ).query |
+| execa.js:6:15:6:44 | url.par ... ).query | execa.js:6:15:6:51 | url.par ... ["cmd"] |
+| execa.js:6:15:6:51 | url.par ... ["cmd"] | execa.js:6:15:6:54 | url.par ... md"][0] |
+| execa.js:6:15:6:54 | url.par ... md"][0] | execa.js:6:9:6:54 | cmd |
+| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) |
+| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) |
+| execa.js:7:9:7:51 | arg | execa.js:21:30:21:32 | arg |
+| execa.js:7:9:7:51 | arg | execa.js:22:28:22:30 | arg |
+| execa.js:7:9:7:51 | arg | execa.js:23:30:23:32 | arg |
+| execa.js:7:9:7:51 | arg | execa.js:24:28:24:30 | arg |
+| execa.js:7:15:7:38 | url.par ... , true) | execa.js:7:15:7:44 | url.par ... ).query |
+| execa.js:7:15:7:44 | url.par ... ).query | execa.js:7:15:7:51 | url.par ... ["arg"] |
+| execa.js:7:15:7:51 | url.par ... ["arg"] | execa.js:7:9:7:51 | arg |
+| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) |
+| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) |
+| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg |
+| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg |
+| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg |
+| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg |
+| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg |
+| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg |
+| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg |
+| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg |
+| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg |
+| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg |
+| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg |
+| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg |
+| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg |
+| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg |
+| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg |
+| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg |
 | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
 | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
 | form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch  ... nalname |
@@ -391,6 +495,24 @@ edges
 | exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value |
 | exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value |
 | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value |
+| execa.js:9:15:9:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:9:15:9:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:10:14:10:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:10:14:10:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:11:32:11:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:32:11:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:12:33:12:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:12:33:12:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:14:17:14:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:17:14:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:15:17:15:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:15:17:15:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:16:17:16:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:16:17:16:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:17:17:17:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:17:17:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:18:15:18:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:18:15:18:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:19:15:19:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:15:19:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:21:24:21:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:21:24:21:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
+| execa.js:22:22:22:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:22:22:22:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
+| execa.js:23:24:23:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:23:24:23:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
+| execa.js:24:22:24:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
+| execa.js:24:22:24:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
 | form-parsers.js:9:8:9:39 | "touch  ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch  ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value |
 | form-parsers.js:14:10:14:37 | "touch  ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch  ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value |
 | form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js
@@ -0,0 +1,25 @@
+import { execa, execaSync, execaCommand, execaCommandSync, $ } from 'execa';
+import http from 'node:http'
+import url from 'url'
+
+http.createServer(async function (req, res) {
+    let cmd = url.parse(req.url, true).query["cmd"][0];
+    let arg = url.parse(req.url, true).query["arg"];
+
+    await $`${cmd} ${arg}`; // NOT OK
+    $.sync`${cmd} ${arg}`; // NOT OK
+    await $({ shell: true })`${cmd} ${arg}` // NOT OK
+    await $({ shell: false })`${cmd} ${arg}` // NOT OK
+
+    await execa(cmd, [arg]); // NOT OK
+    await execa(cmd, { shell: true }); // NOT OK
+    await execa(cmd, { shell: true }); // NOT OK
+    await execa(cmd, [arg], { shell: true }); // NOT OK
+    execaSync(cmd, [arg]); // NOT OK
+    execaSync(cmd, [arg], { shell: true }); // NOT OK
+
+    await execaCommand(cmd + arg); // NOT OK
+    execaCommandSync(cmd + arg); // NOT OK
+    await execaCommand(cmd + arg, { shell: true }); // NOT OK
+    execaCommandSync(cmd + arg, { shell: true }); // NOT OK
+});