Skip to content

Commit 2c6db00

Browse files
NapalysNapalys
committed
JS: Add modeling for util promisify*
1 parent e002f20 commit 2c6db00

File tree

3 files changed

+24
-7
lines changed

3 files changed

+24
-7
lines changed

javascript/ql/lib/semmle/javascript/Promises.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -730,7 +730,9 @@ module Promisify {
730730
DataFlow::moduleMember(["bluebird", "@google-cloud/promisify", "es6-promisify"],
731731
"promisifyAll"),
732732
DataFlow::moduleMember("thenify-all", "withCallback"),
733-
DataFlow::moduleImport(["util-promisifyall", "pify", "thenify-all", "@gar/promisify"])
733+
DataFlow::moduleImport([
734+
"util-promisifyall", "pify", "thenify-all", "@gar/promisify", "util.promisify-all"
735+
])
734736
].getACall()
735737
}
736738
}
@@ -743,7 +745,7 @@ module Promisify {
743745
PromisifyCall() {
744746
this = DataFlow::moduleImport(["util", "bluebird"]).getAMemberCall("promisify")
745747
or
746-
this = DataFlow::moduleImport(["pify", "util.promisify"]).getACall()
748+
this = DataFlow::moduleImport(["pify", "util.promisify", "util-promisify"]).getACall()
747749
or
748750
this = DataFlow::moduleImport(["thenify", "@gar/promisify", "es6-promisify"]).getACall()
749751
or

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,7 @@
8383
| other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
8484
| other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
8585
| promisification.js:24:22:24:25 | code | promisification.js:21:18:21:25 | req.body | promisification.js:24:22:24:25 | code | This command line depends on a $@. | promisification.js:21:18:21:25 | req.body | user-provided value |
86+
| promisification.js:31:24:31:27 | code | promisification.js:30:18:30:25 | req.body | promisification.js:31:24:31:27 | code | This command line depends on a $@. | promisification.js:30:18:30:25 | req.body | user-provided value |
8687
| promisification.js:40:21:40:24 | code | promisification.js:37:18:37:25 | req.body | promisification.js:40:21:40:24 | code | This command line depends on a $@. | promisification.js:37:18:37:25 | req.body | user-provided value |
8788
| promisification.js:43:24:43:27 | code | promisification.js:37:18:37:25 | req.body | promisification.js:43:24:43:27 | code | This command line depends on a $@. | promisification.js:37:18:37:25 | req.body | user-provided value |
8889
| promisification.js:52:21:52:24 | code | promisification.js:49:18:49:25 | req.body | promisification.js:52:21:52:24 | code | This command line depends on a $@. | promisification.js:49:18:49:25 | req.body | user-provided value |
@@ -98,6 +99,8 @@
9899
| promisification.js:102:27:102:30 | code | promisification.js:99:18:99:25 | req.body | promisification.js:102:27:102:30 | code | This command line depends on a $@. | promisification.js:99:18:99:25 | req.body | user-provided value |
99100
| promisification.js:106:24:106:27 | code | promisification.js:99:18:99:25 | req.body | promisification.js:106:24:106:27 | code | This command line depends on a $@. | promisification.js:99:18:99:25 | req.body | user-provided value |
100101
| promisification.js:109:24:109:27 | code | promisification.js:99:18:99:25 | req.body | promisification.js:109:24:109:27 | code | This command line depends on a $@. | promisification.js:99:18:99:25 | req.body | user-provided value |
102+
| promisification.js:133:21:133:24 | code | promisification.js:130:18:130:25 | req.body | promisification.js:133:21:133:24 | code | This command line depends on a $@. | promisification.js:130:18:130:25 | req.body | user-provided value |
103+
| promisification.js:136:15:136:18 | code | promisification.js:130:18:130:25 | req.body | promisification.js:136:15:136:18 | code | This command line depends on a $@. | promisification.js:130:18:130:25 | req.body | user-provided value |
101104
| promisification.js:144:21:144:24 | code | promisification.js:141:18:141:25 | req.body | promisification.js:144:21:144:24 | code | This command line depends on a $@. | promisification.js:141:18:141:25 | req.body | user-provided value |
102105
| promisification.js:147:15:147:18 | code | promisification.js:141:18:141:25 | req.body | promisification.js:147:15:147:18 | code | This command line depends on a $@. | promisification.js:141:18:141:25 | req.body | user-provided value |
103106
| promisification.js:150:24:150:27 | code | promisification.js:141:18:141:25 | req.body | promisification.js:150:24:150:27 | code | This command line depends on a $@. | promisification.js:141:18:141:25 | req.body | user-provided value |
@@ -282,6 +285,8 @@ edges
282285
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | |
283286
| promisification.js:21:11:21:14 | code | promisification.js:24:22:24:25 | code | provenance | |
284287
| promisification.js:21:18:21:25 | req.body | promisification.js:21:11:21:14 | code | provenance | |
288+
| promisification.js:30:11:30:14 | code | promisification.js:31:24:31:27 | code | provenance | |
289+
| promisification.js:30:18:30:25 | req.body | promisification.js:30:11:30:14 | code | provenance | |
285290
| promisification.js:37:11:37:14 | code | promisification.js:40:21:40:24 | code | provenance | |
286291
| promisification.js:37:11:37:14 | code | promisification.js:43:24:43:27 | code | provenance | |
287292
| promisification.js:37:18:37:25 | req.body | promisification.js:37:11:37:14 | code | provenance | |
@@ -301,6 +306,9 @@ edges
301306
| promisification.js:99:11:99:14 | code | promisification.js:106:24:106:27 | code | provenance | |
302307
| promisification.js:99:11:99:14 | code | promisification.js:109:24:109:27 | code | provenance | |
303308
| promisification.js:99:18:99:25 | req.body | promisification.js:99:11:99:14 | code | provenance | |
309+
| promisification.js:130:11:130:14 | code | promisification.js:133:21:133:24 | code | provenance | |
310+
| promisification.js:130:11:130:14 | code | promisification.js:136:15:136:18 | code | provenance | |
311+
| promisification.js:130:18:130:25 | req.body | promisification.js:130:11:130:14 | code | provenance | |
304312
| promisification.js:141:11:141:14 | code | promisification.js:144:21:144:24 | code | provenance | |
305313
| promisification.js:141:11:141:14 | code | promisification.js:147:15:147:18 | code | provenance | |
306314
| promisification.js:141:11:141:14 | code | promisification.js:150:24:150:27 | code | provenance | |
@@ -497,6 +505,9 @@ nodes
497505
| promisification.js:21:11:21:14 | code | semmle.label | code |
498506
| promisification.js:21:18:21:25 | req.body | semmle.label | req.body |
499507
| promisification.js:24:22:24:25 | code | semmle.label | code |
508+
| promisification.js:30:11:30:14 | code | semmle.label | code |
509+
| promisification.js:30:18:30:25 | req.body | semmle.label | req.body |
510+
| promisification.js:31:24:31:27 | code | semmle.label | code |
500511
| promisification.js:37:11:37:14 | code | semmle.label | code |
501512
| promisification.js:37:18:37:25 | req.body | semmle.label | req.body |
502513
| promisification.js:40:21:40:24 | code | semmle.label | code |
@@ -520,6 +531,10 @@ nodes
520531
| promisification.js:102:27:102:30 | code | semmle.label | code |
521532
| promisification.js:106:24:106:27 | code | semmle.label | code |
522533
| promisification.js:109:24:109:27 | code | semmle.label | code |
534+
| promisification.js:130:11:130:14 | code | semmle.label | code |
535+
| promisification.js:130:18:130:25 | req.body | semmle.label | req.body |
536+
| promisification.js:133:21:133:24 | code | semmle.label | code |
537+
| promisification.js:136:15:136:18 | code | semmle.label | code |
523538
| promisification.js:141:11:141:14 | code | semmle.label | code |
524539
| promisification.js:141:18:141:25 | req.body | semmle.label | req.body |
525540
| promisification.js:144:21:144:24 | code | semmle.label | code |

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/promisification.js

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,8 @@ app.post('/eval', async (req, res) => {
2727
app.post('/eval', async (req, res) => {
2828
const promisify2 = require('util.promisify-all');
2929
const promisifiedCp = promisify2(cp);
30-
const code = req.body; // $ MISSING: Source
31-
promisifiedCp.exec(code); // $ MISSING: Alert
30+
const code = req.body; // $ Source
31+
promisifiedCp.exec(code); // $ Alert
3232
});
3333

3434

@@ -127,13 +127,13 @@ app.post('/eval', async (req, res) => {
127127

128128
app.post('/eval', async (req, res) => {
129129
const utilPromisify = require('util-promisify');
130-
const code = req.body; // $ MISSING: Source
130+
const code = req.body; // $ Source
131131

132132
const promisifiedExec = utilPromisify(cp.exec);
133-
promisifiedExec(code); // $ MISSING: Alert
133+
promisifiedExec(code); // $ Alert
134134

135135
const execAsync = utilPromisify(cp.exec.bind(cp));
136-
execAsync(code); // $ MISSING: Alert
136+
execAsync(code); // $ Alert
137137
});
138138

139139
app.post('/eval', async (req, res) => {

0 commit comments

Comments
 (0)