JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths.

The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.
This commit is contained in:
Max Schaefer
2020-10-12 14:50:47 +01:00
parent 6440db786d
commit cd33d358aa
2 changed files with 20 additions and 1 deletions


@@ -180,6 +180,11 @@ nodes
| lib/lib.js:324:40:324:42 | arg |
| lib/lib.js:325:49:325:51 | arg |
| lib/lib.js:325:49:325:51 | arg |
| lib/lib.js:329:13:329:13 | x |
| lib/lib.js:329:13:329:13 | x |
| lib/lib.js:330:9:330:9 | x |
| lib/lib.js:336:22:336:31 | id("test") |
| lib/lib.js:336:22:336:31 | id("test") |
edges
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name |
@@ -396,6 +401,10 @@ edges
| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg |
| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg |
| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg |
| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x |
| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x |
| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") |
| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") |
#select
| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | $@ based on library input is later used in $@. | lib/lib2.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |
| lib/lib2.js:8:10:8:25 | "rm -rf " + name | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | $@ based on library input is later used in $@. | lib/lib2.js:8:10:8:25 | "rm -rf " + name | String concatenation | lib/lib2.js:8:2:8:26 | cp.exec ... + name) | shell command |


@@ -324,4 +324,14 @@ module.exports.typeofcheck = function (name) {
module.exports.typeofcheck = function (arg) {
var cmd = "MyWindowCommand | findstr /i /c:" + arg; // NOT OK
cp.exec(cmd);
}
}
function id(x) {
return x;
}
module.exports.id = id;
module.exports.unproblematic = function() {
cp.exec("rm -rf " + id("test")); // OK [INCONSISTENCY]
};
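Review bot: The new `unproblematic` function carries only `// OK [INCONSISTENCY]` on its `cp.exec` call, so a reader of lib.js has no way to tell why the result is expected to be clean and why it is nevertheless marked inconsistent; that reasoning currently lives only in the commit message. I would extend the annotation to `// OK [INCONSISTENCY]: the only input is the literal "test"; x reaches here via a return step out of id that no library client can match, so the reported path is infeasible`. It would also help to note on the `module.exports.id = id;` line that the export is presumably what makes the `x` parameter count as library input for the query — worth confirming against the query's entry-point definition. The surrounding `typeofcheck` function at the top of the hunk starts before the hunk begins.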