Commit Graph

166 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
653ebf7668 add command parsing model for "dashdash" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
269de49196 add model for "meow" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
c5ac98d2e8 add command parsing model for command-line-args 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
f33cd8bc8e add command parsing model for argparse 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
45067ee651 add command parsing model for "arg" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
821b4be522 more accurately model command parsers that take process.argv as an argument 2020-11-27 09:56:50 +00:00
Max Schaefer
4100ab2919 JavaScript: Add another test to show that flow through functions still works. 2020-10-14 10:03:27 +01:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Max Schaefer
cd33d358aa JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths.
The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.
2020-10-12 14:50:47 +01:00
Max Schaefer
dc7b447895 JavaScript: Make alert locations for command injection more precise. 2020-09-23 14:07:36 +01:00
Max Schaefer
439aadf0b6 JavaScript: Do even more type tracking in command injection. 2020-09-23 14:07:36 +01:00
Max Schaefer
ef18b39124 JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll. 2020-09-23 14:07:36 +01:00
Max Schaefer
825fc2228b JavaScript: Add two new command-injection tests. 2020-09-23 14:07:36 +01:00
Erik Krogh Kristensen
320879bc1e recognize colon in command-prefixes 2020-09-07 13:12:38 +02:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness
Approved by esbena
2020-08-03 15:38:51 +01:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
Erik Krogh Kristensen
dc8042adeb introduce consistency-checking for CWE-078 2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treat a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
Asger Feldthaus
b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Erik Krogh Kristensen
0ee3f4977c add test of webpack-dev-server and monorepo import 2020-06-19 14:15:46 +02:00
Erik Krogh Kristensen
ef72c03ca9 use simpler taint-step for DestructingPattern 2020-06-11 23:16:46 +02:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Erik Krogh Kristensen
b04d7015ae fix test 2020-06-09 11:23:46 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection
Approved by asgerf, mchammer01
2020-05-22 17:10:57 +01:00
Erik Krogh Kristensen
5b569a4d6d add a sanitizer for chained replace-calls 2020-05-19 19:16:58 +02:00
Erik Krogh Kristensen
fc7e9eb8c8 add test for non-tracked aliasing 2020-05-18 22:40:41 +02:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
Erik Krogh Kristensen
c8cf958c8a add test cases for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
a1a6826278 support non-SourceNode in IndirectCommandArgument#argumentList 2020-05-16 23:15:37 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
Asger Feldthaus
53569453ba JS: Autoformat again 2020-03-04 19:28:24 +00:00
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Erik Krogh Kristensen
fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen
473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCat 2020-02-21 14:26:42 +01:00
Erik Krogh Kristensen
b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00