Added support for lutimes, opendir, and statfs functions from fs-extra.
@@ -64,6 +64,17 @@
|
||||
| more-fs-extra.js:19:25:19:32 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:19:25:19:32 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:20:21:20:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:20:21:20:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:21:17:21:24 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:21:17:21:24 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:22:16:22:23 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:22:16:22:23 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:23:20:23:27 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:23:20:23:27 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:24:19:24:26 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:24:19:24:26 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:25:15:25:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:25:15:25:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:26:19:26:26 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:26:19:26:26 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:27:13:27:20 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:27:13:27:20 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:28:17:28:24 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:28:17:28:24 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:29:23:29:30 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:29:23:29:30 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:30:16:30:23 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:30:16:30:23 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:31:20:31:27 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:31:20:31:27 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| more-fs-extra.js:32:23:32:30 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:32:23:32:30 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
|
||||
| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
|
||||
| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
|
||||
| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
|
||||
@@ -372,6 +383,17 @@ edges
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:19:25:19:32 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:20:21:20:28 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:21:17:21:24 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:22:16:22:23 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:23:20:23:27 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:24:19:24:26 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:25:15:25:22 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:26:19:26:26 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:27:13:27:20 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:28:17:28:24 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:29:23:29:30 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:30:16:30:23 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:31:20:31:27 | filename | provenance | |
|
||||
| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:32:23:32:30 | filename | provenance | |
|
||||
| more-fs-extra.js:8:13:8:20 | filename | more-fs-extra.js:8:11:8:33 | filename | provenance | |
|
||||
| more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:8:11:8:22 | { filename } | provenance | |
|
||||
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance | |
|
||||
@@ -870,6 +892,17 @@ nodes
|
||||
| more-fs-extra.js:19:25:19:32 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:20:21:20:28 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:21:17:21:24 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:22:16:22:23 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:23:20:23:27 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:24:19:24:26 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:25:15:25:22 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:26:19:26:26 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:27:13:27:20 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:28:17:28:24 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:29:23:29:30 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:30:16:30:23 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:31:20:31:27 | filename | semmle.label | filename |
|
||||
| more-fs-extra.js:32:23:32:30 | filename | semmle.label | filename |
|
||||
| normalizedPaths.js:11:7:11:27 | path | semmle.label | path |
|
||||
| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path |
|
||||
| normalizedPaths.js:13:19:13:22 | path | semmle.label | path |
|
||||
|
||||
@@ -19,15 +19,15 @@ app.post('/rmsync', (req, res) => {
|
||||
fs.cpSync("source", filename); // $ Alert
|
||||
fs.emptydirSync(filename); // $ Alert
|
||||
fs.emptydir(filename); // $ Alert
|
||||
fs.opendir(filename); // $ MISSING: Alert
|
||||
fs.opendirSync(filename); // $ MISSING: Alert
|
||||
fs.openAsBlob(filename); // $ MISSING: Alert
|
||||
fs.statfs(filename); // $ MISSING: Alert
|
||||
fs.statfsSync(filename); // $ MISSING: Alert
|
||||
fs.open(filename, 'r'); // $ MISSING: Alert
|
||||
fs.openSync(filename, 'r'); // $ MISSING: Alert
|
||||
fs.outputJSONSync(filename, req.body.data, { spaces: 2 }); // $ MISSING: Alert
|
||||
fs.lutimes(filename, new Date(req.body.atime), new Date(req.body.mtime)); // MISSING: $ Alert
|
||||
fs.lutimesSync(filename, new Date(req.body.atime), new Date(req.body.mtime)); // MISSING: $ Alert
|
||||
fs.outputJsonSync(filename, { timestamp: new Date().toISOString(), action: req.body.action, user: req.body.user}, { spaces: 2 }); // $ MISSING: Alert
|
||||
fs.opendir(filename); // $ Alert
|
||||
fs.opendirSync(filename); // $ Alert
|
||||
fs.openAsBlob(filename); // $ Alert
|
||||
fs.statfs(filename); // $ Alert
|
||||
fs.statfsSync(filename); // $ Alert
|
||||
fs.open(filename, 'r'); // $ Alert
|
||||
fs.openSync(filename, 'r'); // $ Alert
|
||||
fs.outputJSONSync(filename, req.body.data, { spaces: 2 }); // $ Alert
|
||||
fs.lutimes(filename, new Date(req.body.atime), new Date(req.body.mtime)); // $ Alert
|
||||
fs.lutimesSync(filename, new Date(req.body.atime), new Date(req.body.mtime)); // $ Alert
|
||||
fs.outputJsonSync(filename, { timestamp: new Date().toISOString(), action: req.body.action, user: req.body.user}, { spaces: 2 }); // $ Alert
|
||||
});
|
||||
|
||||
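Review bot: The expectations flipped at the end of the `/rmsync` handler cover more sinks than the commit title names. Besides `opendir`, `statfs` and `lutimes`, the calls to `openAsBlob`, `open`/`openSync`, `outputJSONSync` and `outputJsonSync` also go from `MISSING: Alert` to `Alert`. The model change that makes them fire is not visible on this page, so presumably it covers those functions as well. A one-line comment above the group would keep the test self-describing for whoever audits path-injection coverage later, for example `// Path sinks newly modeled: opendir, openAsBlob, statfs, open, outputJson, lutimes (plus Sync variants where present)`. The handler starts before the hunk, so any earlier grouping comments are not visible here.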