hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: add DefaultParsedCommandLineArgumentsAsSource

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-11-14 14:46:31 +01:00
parent 2ea7d141c8
commit 8e6a19b3d3
4 changed files with 66 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
View File

@@ -39,6 +39,22 @@ module IndirectCommandInjection {
}
}
/**
* An object containing command-line arguments that were parsed with a default configuration, considered as a flow source for command injection.
*/
class DefaultParsedCommandLineArgumentsAsSource extends Source {
DefaultParsedCommandLineArgumentsAsSource() {
// `require('get-them-args')(...)` => `{ unknown: [], a: ... b: ... }`
this = DataFlow::moduleImport("get-them-args").getACall() or
// `require('minimist')(...)` => `{ _: [], a: ... b: ... }`
this = DataFlow::moduleImport("minimist").getACall() or
// `require('yargs').argv` => `{ _: [], a: ... b: ... }`
this = DataFlow::moduleMember("yargs", "argv") or
// `require('optimist').argv` => `{ _: [], a: ... b: ... }`
this = DataFlow::moduleMember("optimist", "argv")
}
}
/**
* A command-line argument that effectively is system-controlled, and therefore not likely to be exploitable when used in the execution of another command.
*/