add test cases for js/shell-command-constructed-from-input

Erik Krogh Kristensen
2020-05-11 21:03:40 +02:00
parent 59001bbdf4
commit c8cf958c8a
9 changed files with 726 additions and 0 deletions


@@ -0,0 +1,416 @@
nodes
| lib/lib2.js:3:28:3:31 | name |
| lib/lib2.js:3:28:3:31 | name |
| lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:7:32:7:35 | name |
| lib/lib2.js:7:32:7:35 | name |
| lib/lib2.js:8:22:8:25 | name |
| lib/lib2.js:8:22:8:25 | name |
| lib/lib.js:3:28:3:31 | name |
| lib/lib.js:3:28:3:31 | name |
| lib/lib.js:4:22:4:25 | name |
| lib/lib.js:4:22:4:25 | name |
| lib/lib.js:10:32:10:35 | name |
| lib/lib.js:10:32:10:35 | name |
| lib/lib.js:11:22:11:25 | name |
| lib/lib.js:11:22:11:25 | name |
| lib/lib.js:14:36:14:39 | name |
| lib/lib.js:14:36:14:39 | name |
| lib/lib.js:15:22:15:25 | name |
| lib/lib.js:15:22:15:25 | name |
| lib/lib.js:19:34:19:37 | name |
| lib/lib.js:19:34:19:37 | name |
| lib/lib.js:20:22:20:25 | name |
| lib/lib.js:20:22:20:25 | name |
| lib/lib.js:26:35:26:38 | name |
| lib/lib.js:26:35:26:38 | name |
| lib/lib.js:27:22:27:25 | name |
| lib/lib.js:27:22:27:25 | name |
| lib/lib.js:34:14:34:17 | name |
| lib/lib.js:34:14:34:17 | name |
| lib/lib.js:35:23:35:26 | name |
| lib/lib.js:35:23:35:26 | name |
| lib/lib.js:37:13:37:16 | name |
| lib/lib.js:37:13:37:16 | name |
| lib/lib.js:38:23:38:26 | name |
| lib/lib.js:38:23:38:26 | name |
| lib/lib.js:40:6:40:9 | name |
| lib/lib.js:40:6:40:9 | name |
| lib/lib.js:41:23:41:26 | name |
| lib/lib.js:41:23:41:26 | name |
| lib/lib.js:49:31:49:34 | name |
| lib/lib.js:49:31:49:34 | name |
| lib/lib.js:50:47:50:50 | name |
| lib/lib.js:50:47:50:50 | name |
| lib/lib.js:53:33:53:36 | name |
| lib/lib.js:53:33:53:36 | name |
| lib/lib.js:54:25:54:28 | name |
| lib/lib.js:54:25:54:28 | name |
| lib/lib.js:57:25:57:28 | name |
| lib/lib.js:57:25:57:28 | name |
| lib/lib.js:64:41:64:44 | name |
| lib/lib.js:64:41:64:44 | name |
| lib/lib.js:65:22:65:25 | name |
| lib/lib.js:65:22:65:25 | name |
| lib/lib.js:71:28:71:31 | name |
| lib/lib.js:71:28:71:31 | name |
| lib/lib.js:73:21:73:24 | name |
| lib/lib.js:73:21:73:24 | name |
| lib/lib.js:75:20:75:23 | name |
| lib/lib.js:75:20:75:23 | name |
| lib/lib.js:77:28:77:31 | name |
| lib/lib.js:77:28:77:31 | name |
| lib/lib.js:82:35:82:38 | name |
| lib/lib.js:82:35:82:38 | name |
| lib/lib.js:83:22:83:25 | name |
| lib/lib.js:83:22:83:25 | name |
| lib/lib.js:86:13:86:16 | name |
| lib/lib.js:86:13:86:16 | name |
| lib/lib.js:89:21:89:24 | name |
| lib/lib.js:89:21:89:24 | name |
| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" |
| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" |
| lib/lib.js:91:28:91:31 | name |
| lib/lib.js:97:35:97:38 | name |
| lib/lib.js:97:35:97:38 | name |
| lib/lib.js:98:35:98:38 | name |
| lib/lib.js:98:35:98:38 | name |
| lib/lib.js:100:37:100:40 | name |
| lib/lib.js:100:37:100:40 | name |
| lib/lib.js:102:46:102:49 | name |
| lib/lib.js:102:46:102:49 | name |
| lib/lib.js:108:41:108:44 | name |
| lib/lib.js:108:41:108:44 | name |
| lib/lib.js:111:34:111:37 | name |
| lib/lib.js:111:34:111:37 | name |
| lib/lib.js:112:22:112:25 | name |
| lib/lib.js:112:22:112:25 | name |
| lib/lib.js:120:33:120:36 | name |
| lib/lib.js:120:33:120:36 | name |
| lib/lib.js:121:22:121:25 | name |
| lib/lib.js:121:22:121:25 | name |
| lib/lib.js:130:6:130:9 | name |
| lib/lib.js:130:6:130:9 | name |
| lib/lib.js:131:23:131:26 | name |
| lib/lib.js:131:23:131:26 | name |
| lib/lib.js:148:37:148:40 | name |
| lib/lib.js:148:37:148:40 | name |
| lib/lib.js:149:24:149:27 | name |
| lib/lib.js:149:24:149:27 | name |
| lib/lib.js:155:38:155:41 | name |
| lib/lib.js:155:38:155:41 | name |
| lib/lib.js:161:25:161:28 | name |
| lib/lib.js:161:25:161:28 | name |
| lib/lib.js:170:41:170:44 | name |
| lib/lib.js:170:41:170:44 | name |
| lib/lib.js:173:20:173:23 | name |
| lib/lib.js:173:20:173:23 | name |
| lib/lib.js:177:38:177:41 | name |
| lib/lib.js:177:38:177:41 | name |
| lib/lib.js:181:6:181:52 | broken |
| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" |
| lib/lib.js:181:21:181:24 | name |
| lib/lib.js:181:21:181:46 | name.re ... "'\\''") |
| lib/lib.js:182:22:182:27 | broken |
| lib/lib.js:182:22:182:27 | broken |
| lib/lib.js:186:34:186:37 | name |
| lib/lib.js:186:34:186:37 | name |
| lib/lib.js:187:22:187:25 | name |
| lib/lib.js:187:22:187:25 | name |
| lib/lib.js:190:23:190:26 | name |
| lib/lib.js:190:23:190:26 | name |
| lib/lib.js:196:45:196:48 | name |
| lib/lib.js:196:45:196:48 | name |
| lib/lib.js:197:22:197:25 | name |
| lib/lib.js:197:22:197:25 | name |
| lib/lib.js:200:23:200:26 | name |
| lib/lib.js:200:23:200:26 | name |
| lib/lib.js:206:45:206:48 | name |
| lib/lib.js:206:45:206:48 | name |
| lib/lib.js:207:22:207:25 | name |
| lib/lib.js:207:22:207:25 | name |
| lib/lib.js:212:23:212:26 | name |
| lib/lib.js:212:23:212:26 | name |
| lib/lib.js:216:39:216:42 | name |
| lib/lib.js:216:39:216:42 | name |
| lib/lib.js:217:22:217:25 | name |
| lib/lib.js:217:22:217:25 | name |
| lib/lib.js:220:23:220:26 | name |
| lib/lib.js:220:23:220:26 | name |
| lib/lib.js:224:22:224:25 | name |
| lib/lib.js:224:22:224:25 | name |
| lib/lib.js:227:39:227:42 | name |
| lib/lib.js:227:39:227:42 | name |
| lib/lib.js:228:22:228:25 | name |
| lib/lib.js:228:22:228:25 | name |
| lib/lib.js:236:22:236:25 | name |
| lib/lib.js:236:22:236:25 | name |
| lib/lib.js:248:42:248:45 | name |
| lib/lib.js:248:42:248:45 | name |
| lib/lib.js:249:22:249:25 | name |
| lib/lib.js:249:22:249:25 | name |
| lib/lib.js:257:35:257:38 | name |
| lib/lib.js:257:35:257:38 | name |
| lib/lib.js:258:22:258:25 | name |
| lib/lib.js:258:22:258:25 | name |
| lib/lib.js:261:30:261:33 | name |
| lib/lib.js:261:30:261:33 | name |
| lib/lib.js:267:46:267:48 | obj |
| lib/lib.js:267:46:267:48 | obj |
| lib/lib.js:268:22:268:24 | obj |
| lib/lib.js:268:22:268:32 | obj.version |
| lib/lib.js:268:22:268:32 | obj.version |
| lib/lib.js:272:22:272:24 | obj |
| lib/lib.js:272:22:272:32 | obj.version |
| lib/lib.js:272:22:272:32 | obj.version |
edges
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name |
| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name |
| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name |
| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name |
| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name |
| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name |
| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name |
| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name |
| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name |
| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name |
| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name |
| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name |
| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name |
| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name |
| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name |
| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name |
| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name |
| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name |
| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name |
| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name |
| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name |
| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name |
| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name |
| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name |
| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name |
| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name |
| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name |
| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name |
| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name |
| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name |
| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name |
| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name |
| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name |
| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name |
| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name |
| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name |
| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name |
| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name |
| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name |
| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" |
| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name |
| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name |
| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name |
| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name |
| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name |
| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name |
| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name |
| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name |
| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name |
| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name |
| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name |
| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name |
| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name |
| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name |
| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name |
| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name |
| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name |
| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name |
| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name |
| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name |
| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name |
| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name |
| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name |
| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name |
| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name |
| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name |
| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name |
| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name |
| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken |
| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken |
| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:181:6:181:52 | broken |
| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") |
| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name |
| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name |
| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name |
| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name |
| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name |
| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name |
| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name |
| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name |
| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name |
| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name |
| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name |
| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj |
| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj |
| lib/lib.js:267:46:267:48 | obj | lib/lib.js:272:22:272:24 | obj |
| lib/lib.js:267:46:267:48 | obj | lib/lib.js:272:22:272:24 | obj |
| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version |
| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version |
| lib/lib.js:272:22:272:24 | obj | lib/lib.js:272:22:272:32 | obj.version |
| lib/lib.js:272:22:272:24 | obj | lib/lib.js:272:22:272:32 | obj.version |
#select
| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | $@ based on libary input is later used in $@. | lib/lib2.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | $@ based on libary input is later used in $@. | lib/lib2.js:8:10:8:25 | "rm -rf " + name | String concatenation | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | shell command |
| lib/lib.js:4:10:4:25 | "rm -rf " + name | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/lib.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/lib.js:11:10:11:25 | "rm -rf " + name | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:11:10:11:25 | "rm -rf " + name | String concatenation | lib/lib.js:11:2:11:26 | cp.exec ... + name) | shell command |
| lib/lib.js:15:10:15:25 | "rm -rf " + name | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:15:10:15:25 | "rm -rf " + name | String concatenation | lib/lib.js:15:2:15:26 | cp.exec ... + name) | shell command |
| lib/lib.js:20:10:20:25 | "rm -rf " + name | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:20:10:20:25 | "rm -rf " + name | String concatenation | lib/lib.js:20:2:20:26 | cp.exec ... + name) | shell command |
| lib/lib.js:27:10:27:25 | "rm -rf " + name | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:27:10:27:25 | "rm -rf " + name | String concatenation | lib/lib.js:27:2:27:26 | cp.exec ... + name) | shell command |
| lib/lib.js:35:11:35:26 | "rm -rf " + name | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:35:11:35:26 | "rm -rf " + name | String concatenation | lib/lib.js:35:3:35:27 | cp.exec ... + name) | shell command |
| lib/lib.js:38:11:38:26 | "rm -rf " + name | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:38:11:38:26 | "rm -rf " + name | String concatenation | lib/lib.js:38:3:38:27 | cp.exec ... + name) | shell command |
| lib/lib.js:41:11:41:26 | "rm -rf " + name | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:41:11:41:26 | "rm -rf " + name | String concatenation | lib/lib.js:41:3:41:27 | cp.exec ... + name) | shell command |
| lib/lib.js:50:35:50:50 | "rm -rf " + name | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | $@ based on libary input is later used in $@. | lib/lib.js:50:35:50:50 | "rm -rf " + name | String concatenation | lib/lib.js:50:2:50:51 | require ... + name) | shell command |
| lib/lib.js:54:13:54:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | $@ based on libary input is later used in $@. | lib/lib.js:54:13:54:28 | "rm -rf " + name | String concatenation | lib/lib.js:55:2:55:14 | cp.exec(cmd1) | shell command |
| lib/lib.js:57:13:57:28 | "rm -rf " + name | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | $@ based on libary input is later used in $@. | lib/lib.js:57:13:57:28 | "rm -rf " + name | String concatenation | lib/lib.js:59:3:59:14 | cp.exec(cmd) | shell command |
| lib/lib.js:65:10:65:25 | "rm -rf " + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:65:10:65:25 | "rm -rf " + name | String concatenation | lib/lib.js:65:2:65:26 | cp.exec ... + name) | shell command |
| lib/lib.js:71:10:71:31 | "cat /f ... + name | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | $@ based on libary input is later used in $@. | lib/lib.js:71:10:71:31 | "cat /f ... + name | String concatenation | lib/lib.js:71:2:71:32 | cp.exec ... + name) | shell command |
| lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | $@ based on libary input is later used in $@. | lib/lib.js:73:10:73:31 | "cat \\" ... + "\\"" | String concatenation | lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | shell command |
| lib/lib.js:75:10:75:29 | "cat '" + name + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | $@ based on libary input is later used in $@. | lib/lib.js:75:10:75:29 | "cat '" + name + "'" | String concatenation | lib/lib.js:75:2:75:30 | cp.exec ... + "'") | shell command |
| lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | $@ based on libary input is later used in $@. | lib/lib.js:77:10:77:37 | "cat '/ ... e + "'" | String concatenation | lib/lib.js:77:2:77:38 | cp.exec ... + "'") | shell command |
| lib/lib.js:83:10:83:25 | "rm -rf " + name | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:83:10:83:25 | "rm -rf " + name | String concatenation | lib/lib.js:83:2:83:26 | cp.exec ... + name) | shell command |
| lib/lib.js:86:13:86:16 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | $@ based on libary input is later used in $@. | lib/lib.js:86:13:86:16 | name | Array element | lib/lib.js:87:2:87:25 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:89:21:89:24 | name | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | $@ based on libary input is later used in $@. | lib/lib.js:89:21:89:24 | name | Array element | lib/lib.js:89:2:89:36 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | $@ based on libary input is later used in $@. | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | Array element | lib/lib.js:91:2:91:50 | cp.exec ... n(" ")) | shell command |
| lib/lib.js:98:35:98:38 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | $@ based on libary input is later used in $@. | lib/lib.js:98:35:98:38 | name | Formatted string | lib/lib.js:98:2:98:40 | cp.exec ... name)) | shell command |
| lib/lib.js:100:37:100:40 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | $@ based on libary input is later used in $@. | lib/lib.js:100:37:100:40 | name | Formatted string | lib/lib.js:100:2:100:42 | cp.exec ... name)) | shell command |
| lib/lib.js:102:46:102:49 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | $@ based on libary input is later used in $@. | lib/lib.js:102:46:102:49 | name | Formatted string | lib/lib.js:102:2:102:51 | cp.exec ... name)) | shell command |
| lib/lib.js:108:41:108:44 | name | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | $@ based on libary input is later used in $@. | lib/lib.js:108:41:108:44 | name | Formatted string | lib/lib.js:108:2:108:46 | cp.exec ... name)) | shell command |
| lib/lib.js:112:10:112:25 | "rm -rf " + name | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:112:10:112:25 | "rm -rf " + name | String concatenation | lib/lib.js:112:2:112:26 | cp.exec ... + name) | shell command |
| lib/lib.js:121:10:121:25 | "rm -rf " + name | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:121:10:121:25 | "rm -rf " + name | String concatenation | lib/lib.js:121:2:121:26 | cp.exec ... + name) | shell command |
| lib/lib.js:131:11:131:26 | "rm -rf " + name | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:131:11:131:26 | "rm -rf " + name | String concatenation | lib/lib.js:131:3:131:27 | cp.exec ... + name) | shell command |
| lib/lib.js:149:12:149:27 | "rm -rf " + name | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | $@ based on libary input is later used in $@. | lib/lib.js:149:12:149:27 | "rm -rf " + name | String concatenation | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | shell command |
| lib/lib.js:161:13:161:28 | "rm -rf " + name | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | $@ based on libary input is later used in $@. | lib/lib.js:161:13:161:28 | "rm -rf " + name | String concatenation | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | shell command |
| lib/lib.js:173:10:173:23 | "fo \| " + name | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | $@ based on libary input is later used in $@. | lib/lib.js:173:10:173:23 | "fo \| " + name | String concatenation | lib/lib.js:173:2:173:24 | cp.exec ... + name) | shell command |
| lib/lib.js:182:10:182:27 | "rm -rf " + broken | lib/lib.js:177:38:177:41 | name | lib/lib.js:182:22:182:27 | broken | $@ based on libary input is later used in $@. | lib/lib.js:182:10:182:27 | "rm -rf " + broken | String concatenation | lib/lib.js:182:2:182:28 | cp.exec ... broken) | shell command |
| lib/lib.js:187:10:187:25 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:187:10:187:25 | "rm -rf " + name | String concatenation | lib/lib.js:187:2:187:26 | cp.exec ... + name) | shell command |
| lib/lib.js:190:11:190:26 | "rm -rf " + name | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:190:11:190:26 | "rm -rf " + name | String concatenation | lib/lib.js:190:3:190:27 | cp.exec ... + name) | shell command |
| lib/lib.js:197:10:197:25 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:197:10:197:25 | "rm -rf " + name | String concatenation | lib/lib.js:197:2:197:26 | cp.exec ... + name) | shell command |
| lib/lib.js:200:11:200:26 | "rm -rf " + name | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:200:11:200:26 | "rm -rf " + name | String concatenation | lib/lib.js:200:3:200:27 | cp.exec ... + name) | shell command |
| lib/lib.js:207:10:207:25 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:207:10:207:25 | "rm -rf " + name | String concatenation | lib/lib.js:207:2:207:26 | cp.exec ... + name) | shell command |
| lib/lib.js:212:11:212:26 | "rm -rf " + name | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:212:11:212:26 | "rm -rf " + name | String concatenation | lib/lib.js:212:3:212:27 | cp.exec ... + name) | shell command |
| lib/lib.js:217:10:217:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:217:10:217:25 | "rm -rf " + name | String concatenation | lib/lib.js:217:2:217:26 | cp.exec ... + name) | shell command |
| lib/lib.js:220:11:220:26 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | $@ based on libary input is later used in $@. | lib/lib.js:220:11:220:26 | "rm -rf " + name | String concatenation | lib/lib.js:220:3:220:27 | cp.exec ... + name) | shell command |
| lib/lib.js:224:10:224:25 | "rm -rf " + name | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:224:10:224:25 | "rm -rf " + name | String concatenation | lib/lib.js:224:2:224:26 | cp.exec ... + name) | shell command |
| lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:228:10:228:25 | "rm -rf " + name | String concatenation | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command |
| lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:236:10:236:25 | "rm -rf " + name | String concatenation | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command |
| lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:249:10:249:25 | "rm -rf " + name | String concatenation | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command |
| lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | $@ based on libary input is later used in $@. | lib/lib.js:258:10:258:25 | "rm -rf " + name | String concatenation | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command |
| lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | $@ based on libary input is later used in $@. | lib/lib.js:261:11:261:33 | "rm -rf ... + name | String concatenation | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command |
| lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | $@ based on libary input is later used in $@. | lib/lib.js:268:10:268:32 | "rm -rf ... version | String concatenation | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command |
| lib/lib.js:272:10:272:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:272:22:272:32 | obj.version | $@ based on libary input is later used in $@. | lib/lib.js:272:10:272:32 | "rm -rf ... version | String concatenation | lib/lib.js:272:2:272:33 | cp.exec ... ersion) | shell command |
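Review bot: The alert message in every `#select` row is misspelled: `$@ based on libary input is later used in $@.` should read `$@ based on library input is later used in $@.`. This text is what users see in their code-scanning results, so it is worth fixing before the expected output is locked in. The string presumably comes from the select clause of Security/CWE-078/UnsafeShellCommandConstruction.ql, which is not visible in this part of the page. The fix belongs there, and these rows should be regenerated afterwards.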


@@ -0,0 +1 @@
Security/CWE-078/UnsafeShellCommandConstruction.ql


@@ -1,4 +1,8 @@
readFile
| lib/lib.js:71:2:71:32 | cp.exec ... + name) | fs.readFile("/foO/BAR/" + name) |
| lib/lib.js:73:2:73:32 | cp.exec ... + "\\"") | fs.readFile(""" + name + """) |
| lib/lib.js:75:2:75:30 | cp.exec ... + "'") | fs.readFile("'" + name + "'") |
| lib/lib.js:77:2:77:38 | cp.exec ... + "'") | fs.readFile("'/foo/bar" + name + "'") |
| uselesscat.js:10:1:10:43 | exec("c ... ut) {}) | fs.readFile("foo/bar", function(err, out) {...}) |
| uselesscat.js:12:1:14:2 | exec("c ... ut);\\n}) | fs.readFile("/proc/" + id + "/status", function(err, out) {...}) |
| uselesscat.js:16:1:16:29 | execSyn ... uinfo') | fs.readFileSync("/proc/cpuinfo") |
@@ -89,6 +93,9 @@ options
| child_process-test.js:53:5:53:59 | cp.spaw ... cmd])) | child_process-test.js:53:25:53:58 | ['/C', ... , cmd]) |
| child_process-test.js:54:5:54:50 | cp.spaw ... t(cmd)) | child_process-test.js:54:25:54:49 | ['/C', ... at(cmd) |
| child_process-test.js:64:3:64:21 | cp.spawn(cmd, args) | child_process-test.js:64:17:64:20 | args |
| lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | lib/lib.js:152:21:152:22 | cb |
| lib/lib.js:159:2:159:23 | cp.spaw ... gs, cb) | lib/lib.js:159:21:159:22 | cb |
| lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | lib/lib.js:166:3:166:22 | { stdio: 'inherit' } |
| uselesscat.js:28:1:28:39 | execSyn ... 1000}) | uselesscat.js:28:28:28:38 | {uid: 1000} |
| uselesscat.js:30:1:30:64 | exec('c ... t) { }) | uselesscat.js:30:26:30:38 | { cwd: './' } |
| uselesscat.js:34:1:34:54 | execSyn ... utf8'}) | uselesscat.js:34:36:34:53 | {encoding: 'utf8'} |


@@ -0,0 +1,273 @@
var cp = require("child_process")
module.exports = function (name) {
cp.exec("rm -rf " + name); // NOT OK
cp.execFile(name, [name]); // OK
cp.execFile(name, name); // OK
};
module.exports.foo = function (name) {
cp.exec("rm -rf " + name); // NOT OK
}
module.exports.foo.bar = function (name) {
cp.exec("rm -rf " + name); // NOT OK
}
function cla() { }
cla.prototype.method = function (name) {
cp.exec("rm -rf " + name); // NOT OK
}
module.exports = new cla();
function cla2() { }
cla2.prototype.method = function (name) {
cp.exec("rm -rf " + name); // NOT OK
}
module.exports.bla = new cla2();
module.exports.lib2 = require("./lib2.js")
class Cla3 {
constructor(name) {
cp.exec("rm -rf " + name); // NOT OK
}
static foo(name) {
cp.exec("rm -rf " + name); // NOT OK
}
bar(name) {
cp.exec("rm -rf " + name); // NOT OK
cp.exec("rm -rf " + notASource); // OK
}
}
module.exports.cla3 = Cla3;
module.exports.mz = function (name) {
require("mz/child_process").exec("rm -rf " + name); // NOT OK.
}
module.exports.flow = function (name) {
var cmd1 = "rm -rf " + name;
cp.exec(cmd1); // NOT OK.
var cmd2 = "rm -rf " + name;
function myExec(cmd) {
cp.exec(cmd); // NOT OK.
}
myExec(cmd2);
}
module.exports.stringConcat = function (name) {
cp.exec("rm -rf " + name); // NOT OK.
cp.exec(name); // OK.
cp.exec("for foo in (" + name + ") do bla end"); // OK.
cp.exec("cat /foO/BAR/" + name) // NOT OK.
cp.exec("cat \"" + name + "\"") // NOT OK.
cp.exec("cat '" + name + "'") // NOT OK.
cp.exec("cat '/foo/bar" + name + "'") // NOT OK.
cp.exec(name + " some file") // OK.
}
module.exports.arrays = function (name) {
cp.exec("rm -rf " + name); // NOT OK.
var args1 = ["node"];
args1.push(name);
cp.exec(args1.join(" ")); // NOT OK.
cp.exec(["rm -rf", name].join(" ")); // NOT OK.
cp.exec(["rm -rf", "\"" + name + "\""].join(" ")); // NOT OK.
cp.execFile("rm", ["-rf", name]); // OK
}
var util = require("util");
module.exports.format = function (name) {
cp.exec(util.format("rm -rf %s", name)); // NOT OK
cp.exec(util.format("rm -rf '%s'", name)); // NOT OK
cp.exec(util.format("rm -rf '/foo/bar/%s'", name)); // NOT OK
cp.exec(util.format("%s foo/bar", name)); // OK
cp.exec(util.format("for foo in (%s) do bar end", name)); // OK
cp.exec(require("printf")('rm -rf %s', name)); // NOT OK
}
module.exports.valid = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (!isValidName(name)) {
return;
}
cp.exec("rm -rf " + name); // OK
}
module.exports.safe = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (!isSafeName(name)) {
return;
}
cp.exec("rm -rf " + name); // OK
}
class Cla4 {
wha(name) {
cp.exec("rm -rf " + name); // NOT OK
}
static bla(name) {
cp.exec("rm -rf " + name); // OK - not exported
}
constructor(name) {
cp.exec("rm -rf " + name); // OK - not exported
}
}
module.exports.cla4 = new Cla4();
function Cla5(name) {
cp.exec("rm -rf " + name); // OK - not exported
}
module.exports.cla5 = new Cla5();
module.exports.indirect = function (name) {
let cmd = "rm -rf " + name;
let sh = "sh";
let args = ["-c", cmd];
cp.spawn(sh, args, cb); // NOT OK
}
module.exports.indirect2 = function (name) {
let cmd = name;
let sh = "sh";
let args = ["-c", cmd];
cp.spawn(sh, args, cb); // OK
let cmd2 = "rm -rf " + name;
var args2 = [cmd2];
cp.spawn(
'cmd.exe',
['/C', editor].concat(args2),
{ stdio: 'inherit' }
);
}
module.exports.cmd = function (command, name) {
cp.exec("fo | " + command); // OK
cp.exec("fo | " + name); // NOT OK
}
module.exports.sanitizer = function (name) {
var sanitized = "'" + name.replace(/'/g, "'\\''") + "'"
cp.exec("rm -rf " + sanitized); // OK
var broken = "'" + name.replace(/'/g, "'\''") + "'"
cp.exec("rm -rf " + broken); // NOT OK
}
var path = require("path");
module.exports.guard = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (!path.exist(name)) {
cp.exec("rm -rf " + name); // NOT OK
return;
}
cp.exec("rm -rf " + name); // OK
}
module.exports.blacklistOfChars = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (/[^A-Za-z0-9_\/:=-]/.test(name)) {
cp.exec("rm -rf " + name); // NOT OK
} else {
cp.exec("rm -rf " + name); // OK
}
}
module.exports.whitelistOfChars = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (/^[A-Za-z0-9_\/:=-]$/.test(name)) {
cp.exec("rm -rf " + name); // OK
} else {
cp.exec("rm -rf " + name); // NOT OK
}
}
module.exports.blackList2 = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (!/^([a-zA-Z0-9]+))?$/.test(name)) {
cp.exec("rm -rf " + name); // NOT OK
process.exit(-1);
}
cp.exec("rm -rf " + name); // OK - but FP due to tracking flow through `process.exit()`.
}
module.exports.accessSync = function (name) {
cp.exec("rm -rf " + name); // NOT OK
try {
path.accessSync(name);
} catch (e) {
return;
}
cp.exec("rm -rf " + name); // OK - but FP due to `path.accessSync` not being recognized as a sanitizer.
}
var cleanInput = function (s) {
if (/[^A-Za-z0-9_\/:=-]/.test(s)) {
s = "'" + s.replace(/'/g, "'\\''") + "'";
s = s.replace(/^(?:'')+/g, '') // unduplicate single-quote at the beginning
.replace(/\\'''/g, "\\'"); // remove non-escaped single-quote if there are enclosed between 2 escaped
}
return s;
}
module.exports.goodSanitizer = function (name) {
cp.exec("rm -rf " + name); // NOT OK
var cleaned = cleanInput(name);
cp.exec("rm -rf " + cleaned); // OK
}
var fs = require("fs");
module.exports.guard2 = function (name) {
cp.exec("rm -rf " + name); // NOT OK
if (!fs.existsSync("prefix/" + name)) {
cp.exec("rm -rf prefix/" + name); // NOT OK
return;
}
cp.exec("rm -rf prefix/" + name); // OK
}
module.exports.sanitizerProperty = function (obj) {
cp.exec("rm -rf " + obj.version); // NOT OK
obj.version = "";
cp.exec("rm -rf " + obj.version); // OK - but FP
}
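Review bot: The regex literal in `blackList2`, `/^([a-zA-Z0-9]+))?$/`, has an unmatched `)` and is not a valid JavaScript regular expression, so that case may not exercise the guard it is meant to; `/^([a-zA-Z0-9]+)?$/` looks like the intent. In `whitelistOfChars`, `/^[A-Za-z0-9_\/:=-]$/` has no quantifier and accepts only one-character names, so it should probably be `/^[A-Za-z0-9_\/:=-]+$/` to mirror the `blacklistOfChars` case. In `accessSync` the call is `path.accessSync(name)`, but `accessSync` belongs to `fs`, so the FP comment describes an API that does not exist on `path`; `path.exist` in `guard` has the same problem. The `guard` and `guard2` cases mark the command after an existence check as OK, and a comment such as `// OK - existence check is treated as a barrier, although an existing name can still contain shell metacharacters` would stop readers from taking that check as sanitisation.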


@@ -0,0 +1,9 @@
var cp = require("child_process")
module.exports = function (name) {
cp.exec("rm -rf " + name); // NOT OK - is imported from main module.
};
module.exports.foo = function (name) {
cp.exec("rm -rf " + name); // NOT OK - is imported from main module.
};


@@ -0,0 +1,5 @@
var cp = require("child_process")
module.exports = function (name) {
cp.exec("rm -rf " + name); // OK, is not exported to a main-module.
};


@@ -0,0 +1,5 @@
var cp = require("child_process")
module.exports = function (name) {
cp.exec("rm -rf " + name); // OK - this file belongs in a sub-"module", and is not the primary exported module.
};


@@ -0,0 +1,5 @@
{
"name": "mySubLib",
"version": "0.0.7",
"main": "./index.js"
}


@@ -0,0 +1,5 @@
{
"name": "myLib",
"version": "0.0.7",
"main": "./lib/lib.js"
}