add the resolve library as a sink to js/path-injection

2026-04-27 17:55:19 +02:00 · 2021-06-04 17:16:12 +02:00
parent f21e949898
commit dd2fe2a489
4 changed files with 28 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -577,6 +577,17 @@ module TaintedPath {
    }
  }

+  /**
+   * An expression whose value is resolved to a module using the [resolve](http://npmjs.com/package/resolve) library.
+   */
+  class ResolveModuleSink extends Sink {
+    ResolveModuleSink() {
+      this = API::moduleImport("resolve").getACall().getArgument(0)
+      or
+      this = API::moduleImport("resolve").getMember("sync").getACall().getArgument(0)
+    }
+  }
+
  /**
   * A path argument to a file system access.
   */