JavaScript: Add query for Node.js integration in Electron framework

2026-05-04 13:15:21 +02:00 · 2018-09-06 11:38:08 -07:00
parent ec626573c8
commit 9179701248
8 changed files with 184 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected
+++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.expected
@@ -0,0 +1,5 @@
+| EnablingNodeIntegration.js:5:28:11:9 | {\\r\\n     ...       } | nodeIntegration property may have been enabled on this object that could result in RCE |
+| EnablingNodeIntegration.js:5:28:11:9 | {\\r\\n     ...       } | nodeIntegrationInWorker property may have been enabled on this object that could result in RCE |
+| EnablingNodeIntegration.js:15:22:20:9 | {\\r\\n     ...       } | nodeIntegration is enabled by default in WebPreferences object that could result in RCE |
+| EnablingNodeIntegration.js:23:13:27:9 | {\\r\\n     ...       } | nodeIntegration is enabled by default in WebPreferences object that could result in RCE |
+| EnablingNodeIntegration.js:49:71:49:93 | {nodeIn ... : true} | nodeIntegration property may have been enabled on this object that could result in RCE |
--- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js
+++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.js
@@ -0,0 +1,51 @@
+const {BrowserWindow} = require('electron')
+
+function test() {
+    var unsafe_1 = {
+           webPreferences: {
+            nodeIntegration: true,
+			nodeIntegrationInWorker: true,
+            plugins: true,
+            webSecurity: true,
+            sandbox: true
+        }
+    };
+    
+    var options_1 = {
+	    webPreferences: {
+            plugins: true,
+			nodeIntegrationInWorker: false,
+            webSecurity: true,
+            sandbox: true     
+        }
+    };
+    
+	var pref = {
+            plugins: true,
+            webSecurity: true,
+            sandbox: true     
+        };
+	
+    var options_2 = {
+            webPreferences: pref,
+            show: true,
+            frame: true,
+            minWidth: 300,
+            minHeight: 300
+    };
+
+    var safe_used = {
+        webPreferences: {
+            nodeIntegration: false,			
+            plugins: true,
+            webSecurity: true,
+            sandbox: true  
+        }
+    };
+    
+    var w1 = new BrowserWindow(unsafe_1);
+    var w2 = new BrowserWindow(options_1);
+    var w3 = new BrowserWindow(safe_used);
+	var w4 = new BrowserWindow({width: 800, height: 600, webPreferences: {nodeIntegration: true}});	
+	var w5 = new BrowserWindow(options_2);
+}
--- a/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref
+++ b/javascript/ql/test/query-tests/Electron/NodeIntegration/EnablingNodeIntegration.qlref
@@ -0,0 +1 @@
+../../../../src/Electron/EnablingNodeIntegration.ql
				`@@ -0,0 +1 @@`
				`../../../../src/Electron/EnablingNodeIntegration.ql`