JS: Improve lodash model

2026-04-27 09:45:15 +02:00 · 2020-10-27 15:30:13 +00:00
parent 9fc5c0bdb8
commit a9adb2912a
2 changed files with 12 additions and 1 deletions
--- a/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
+++ b/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
@@ -57,6 +57,12 @@ class SSTINunjucksSink extends ServerSideTemplateInjectionSink {
  }
 }

+class LodashTemplateSink extends ServerSideTemplateInjectionSink {
+  LodashTemplateSink() {
+    this = LodashUnderscore::member("template").getACall().getArgument(0)
+  }
+}
+
 from DataFlow::PathNode source, DataFlow::PathNode sink, ServerSideTemplateInjectionConfiguration c
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
--- a/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -407,7 +407,12 @@ module LodashUnderscore {
            "shuffle", "sample", "toArray", "partition", "compact", "first", "initial", "last",
            "rest", "flatten", "without", "difference", "uniq", "unique", "unzip", "transpose",
            "object", "chunk", "values", "mapObject", "pick", "omit", "defaults", "clone", "tap",
-            "identity"] and
+            "identity",
+            // String category
+            "camelCase", "capitalize", "deburr", "kebabCase", "lowerCase", "lowerFirst", "pad",
+            "padEnd", "padStart", "repeat", "replace", "snakeCase", "split", "startCase", "toLower",
+            "toUpper", "trim", "trimEnd", "trimStart", "truncate", "unescape", "upperCase",
+            "upperFirst", "words"] and
      pred = call.getArgument(0) and
      succ = call
      or