hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: introduce concept: FileNameSource

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-08-30 12:52:39 +02:00
parent 6d3c1a1d22
commit e2fac8a03c
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/semmle/javascript/Concepts.qll
View File

@@ -29,6 +29,13 @@ abstract class FileSystemAccess extends DataFlow::Node {
abstract DataFlow::Node getAPathArgument();
}
/**
* A data flow node that contains a file name or an array of file names from the local file system.
*/
abstract class FileNameSource extends DataFlow::Node {
}
/**
* A data flow node that performs a database access.
*/

16
javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
View File

@@ -365,6 +365,22 @@ module NodeJSLib {
}
}
/**
* A data flow node that contains a file name or an array of file names from the local file system.
*/
private class NodeJSFileNameSource extends FileNameSource {
NodeJSFileNameSource() {
exists (string name |
name = "readdir" or
name = "realpath" |
this = fsModuleMember(name).getACall().getCallback([1..2]).getParameter(1) or
this = fsModuleMember(name + "Sync").getACall()
)
}
}
/**
* A call to a method from module `child_process`.
*/