hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9754 from erik-krogh/chownr

Browse Source 
JS: add model for chownr
This commit is contained in:
Erik Krogh Kristensen
2022-06-30 22:02:45 +02:00
committed by GitHub
parent 08b1c5495a eaec1ac561
commit ef0ec396c4
5 changed files with 223 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/change-notes/2022-06-30-chownr.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `chownr` library is now modeled as a sink for the `js/path-injection` query.

12
javascript/ql/lib/semmle/javascript/frameworks/Files.qll
View File

@@ -192,6 +192,18 @@ private class WriteFileAtomic extends FileSystemWriteAccess, DataFlow::CallNode
override DataFlow::Node getADataNode() { result = this.getArgument(1) }
}
/**
* A call to the library `chownr`.
* The library changes the owner of a file or directory recursively.
*/
private class Chownr extends FileSystemWriteAccess, DataFlow::CallNode {
Chownr() { this = DataFlow::moduleImport("chownr").getACall() }
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
override DataFlow::Node getADataNode() { none() }
}
/**
* A call to the library `recursive-readdir`.
*/