JS: add type-tracking to the fs-module and model the original-fs

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -429,16 +429,27 @@ module NodeJSLib {
   }
 
   /**
-   * A member `member` from module `fs` or its drop-in replacements `graceful-fs` or `fs-extra`.
+   * A member `member` from module `fs` or its drop-in replacements `graceful-fs`, `fs-extra`, `original-fs`.
    */
   private DataFlow::SourceNode fsModuleMember(string member) {
+    result = fsModule(DataFlow::TypeTracker::end()).getAPropertyRead(member)
+  }
+
+  private DataFlow::SourceNode fsModule(DataFlow::TypeTracker t) {
     exists(string moduleName |
       moduleName = "fs" or
       moduleName = "graceful-fs" or
-      moduleName = "fs-extra"
+      moduleName = "fs-extra" or
+      moduleName = "original-fs"
     |
-      result = DataFlow::moduleMember(moduleName, member)
-    )
+      result = DataFlow::moduleImport(moduleName)
+      or
+      // extra support for flexible names
+      result.asExpr().(Require).getArgument(0).mayHaveStringValue(moduleName)
+    ) and
+    t.start()
+    or
+    exists(DataFlow::TypeTracker t2 | result = fsModule(t2).track(t2, t))
   }
 
   /**

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected

@@ -1,7 +1,4 @@
 | normalizedPaths.js:208:38:208:63 | // OK - ...  anyway | Spurious alert |
-| other-fs-libraries.js:14:34:14:42 | // NOT OK | Missing alert |
-| other-fs-libraries.js:16:41:16:49 | // NOT OK | Missing alert |
-| other-fs-libraries.js:17:42:17:50 | // NOT OK | Missing alert |
 | tainted-string-steps.js:25:43:25:74 | // NOT  ... flagged | Missing alert |
 | tainted-string-steps.js:26:49:26:74 | // OK - ... flagged | Spurious alert |
 | tainted-string-steps.js:28:39:28:70 | // NOT  ... flagged | Missing alert |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

@@ -1751,6 +1751,91 @@ nodes
 | other-fs-libraries.js:13:24:13:27 | path |
 | other-fs-libraries.js:13:24:13:27 | path |
 | other-fs-libraries.js:13:24:13:27 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:24:35:24:38 | path |
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
@@ -4747,6 +4832,166 @@ edges
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path |
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path |
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
+| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path |
 | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query |
 | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query |
 | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query |
@@ -5710,6 +5955,11 @@ edges
 | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
 | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
 | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
+| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
+| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
+| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
+| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
+| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
 | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | a user-provided value |
 | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js

@@ -15,6 +15,13 @@ var server = http.createServer(function(req, res) {
 
   getFsModule(true).readFileSync(path); // NOT OK
   getFsModule(false).readFileSync(path); // NOT OK
+
+  require("./my-fs-module").require(true).readFileSync(path); // NOT OK
+
+  let flexibleModuleName = require(process.versions["electron"]
+    ? "original-fs"
+    : "fs");
+  flexibleModuleName.readFileSync(path); // NOT OK
 });
 
 function getFsModule(special) {