JavaScript: Add example of indirect command injection.

Max Schaefer
2019-01-11 10:24:41 +00:00
parent 7d2d33840a
commit f9d704bdcf
2 changed files with 51 additions and 0 deletions


@@ -38,6 +38,21 @@ nodes
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr |
| execSeries.js:5:4:5:3 | arr |
| execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:13:19:13:26 | commands |
| execSeries.js:14:13:14:20 | commands |
| execSeries.js:14:24:14:30 | command |
| execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:19:12:19:16 | [cmd] |
| execSeries.js:19:13:19:15 | cmd |
edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
@@ -70,6 +85,21 @@ edges
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr | execSeries.js:5:4:5:3 | arr |
| execSeries.js:5:4:5:3 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command |
| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands |
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr |
| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
#select
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
@@ -83,3 +113,4 @@ edges
| child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:51:5:51:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:50:15:50:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:56:3:56:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command depends on $@. | execSeries.js:18:34:18:40 | req.url | a user-provided value |


@@ -0,0 +1,20 @@
var exec = require('child_process').exec;
function asyncEach(arr, iterator) {
var i = 0;
(function iterate() {
iterator(arr[i++], function () {
if (i < arr.length)
process.nextTick(iterate);
});
})();
}
function execEach(commands) {
asyncEach(commands, (command) => exec(command));
};
require('http').createServer(function(req, res) {
let cmd = require('url').parse(req.url, true).query.path;
execEach([cmd]); // NOT OK
});
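Review bot: The continuation callback that `asyncEach` passes as the second argument to `iterator` (`function () { if (i < arr.length) process.nextTick(iterate); }`) is never invoked, because `execEach` supplies `(command) => exec(command)` and drops that argument, so `iterate` is never rescheduled and only `commands[0]` ever reaches `exec`. For the one-element array in this fixture the query result is unaffected, but if the example is meant to model the series-execution pattern its name suggests, threading the callback through, `asyncEach(commands, (command, done) => exec(command, done));`, would make the sink reachable for every element rather than just the first. The same block has a stray `;` after the `execEach` function declaration, which is harmless but reads as a typo. A short header comment stating what the fixture demonstrates, e.g. `// Attacker-controlled query parameter flows through a helper into exec(): indirect command injection.`, would make the `// NOT OK` marker self-explanatory without consulting the expected file.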