
Commit 35c75c0

committed
JS: Add modeling for @gar/promisify
1 parent 312471e commit 35c75c0


3 files changed

+14
-5
lines changed


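--- a/javascript/ql/lib/semmle/javascript/Promises.qll
+++ b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -729,7 +729,7 @@ module Promisify {
 [
 DataFlow::moduleMember(["bluebird", "@google-cloud/promisify"], "promisifyAll"),
 DataFlow::moduleMember("thenify-all", "withCallback"),
-DataFlow::moduleImport(["util-promisifyall", "pify", "thenify-all"])
+DataFlow::moduleImport(["util-promisifyall", "pify", "thenify-all", "@gar/promisify"])
 ].getACall()
 }
 }
@@ -744,7 +744,7 @@ module Promisify {
 or
 this = DataFlow::moduleImport(["pify", "util.promisify"]).getACall()
 or
-this = DataFlow::moduleImport("thenify").getACall()
+this = DataFlow::moduleImport(["thenify", "@gar/promisify"]).getACall()
 or
 this = DataFlow::moduleMember("thenify", "withCallback").getACall()
 or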
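Review bot: `@gar/promisify` is now listed both in the promisify-all import list (new line 732) and in the single-function promisify disjunct (new line 747), and neither hunk says why one package belongs in both. The accompanying test calls it on `cp.exec` and on `cp`, so the double listing looks intentional and mirrors how `pify` already appears in both places. A short comment next to each entry, for example `// @gar/promisify accepts a function or an object, so it is modeled as both promisify and promisifyAll`, would stop a later cleanup from dropping one of them and silently losing command-injection sinks. Both enclosing definitions start and end outside the visible hunks, so the surrounding predicates could not be checked.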

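--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
@@ -83,6 +83,8 @@
 | other.js:30:33:30:35 | cmd | other.js:5:25:5:31 | req.url | other.js:30:33:30:35 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
 | other.js:34:44:34:46 | cmd | other.js:5:25:5:31 | req.url | other.js:34:44:34:46 | cmd | This command line depends on a $@. | other.js:5:25:5:31 | req.url | user-provided value |
 | promisification.js:24:22:24:25 | code | promisification.js:21:18:21:25 | req.body | promisification.js:24:22:24:25 | code | This command line depends on a $@. | promisification.js:21:18:21:25 | req.body | user-provided value |
+| promisification.js:40:21:40:24 | code | promisification.js:37:18:37:25 | req.body | promisification.js:40:21:40:24 | code | This command line depends on a $@. | promisification.js:37:18:37:25 | req.body | user-provided value |
+| promisification.js:43:24:43:27 | code | promisification.js:37:18:37:25 | req.body | promisification.js:43:24:43:27 | code | This command line depends on a $@. | promisification.js:37:18:37:25 | req.body | user-provided value |
 | promisification.js:52:21:52:24 | code | promisification.js:49:18:49:25 | req.body | promisification.js:52:21:52:24 | code | This command line depends on a $@. | promisification.js:49:18:49:25 | req.body | user-provided value |
 | promisification.js:55:15:55:18 | code | promisification.js:49:18:49:25 | req.body | promisification.js:55:15:55:18 | code | This command line depends on a $@. | promisification.js:49:18:49:25 | req.body | user-provided value |
 | promisification.js:100:23:100:26 | code | promisification.js:99:18:99:25 | req.body | promisification.js:100:23:100:26 | code | This command line depends on a $@. | promisification.js:99:18:99:25 | req.body | user-provided value |
@@ -274,6 +276,9 @@ edges
 | other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | |
 | promisification.js:21:11:21:14 | code | promisification.js:24:22:24:25 | code | provenance | |
 | promisification.js:21:18:21:25 | req.body | promisification.js:21:11:21:14 | code | provenance | |
+| promisification.js:37:11:37:14 | code | promisification.js:40:21:40:24 | code | provenance | |
+| promisification.js:37:11:37:14 | code | promisification.js:43:24:43:27 | code | provenance | |
+| promisification.js:37:18:37:25 | req.body | promisification.js:37:11:37:14 | code | provenance | |
 | promisification.js:49:11:49:14 | code | promisification.js:52:21:52:24 | code | provenance | |
 | promisification.js:49:11:49:14 | code | promisification.js:55:15:55:18 | code | provenance | |
 | promisification.js:49:18:49:25 | req.body | promisification.js:49:11:49:14 | code | provenance | |
@@ -479,6 +484,10 @@ nodes
 | promisification.js:21:11:21:14 | code | semmle.label | code |
 | promisification.js:21:18:21:25 | req.body | semmle.label | req.body |
 | promisification.js:24:22:24:25 | code | semmle.label | code |
+| promisification.js:37:11:37:14 | code | semmle.label | code |
+| promisification.js:37:18:37:25 | req.body | semmle.label | req.body |
+| promisification.js:40:21:40:24 | code | semmle.label | code |
+| promisification.js:43:24:43:27 | code | semmle.label | code |
 | promisification.js:49:11:49:14 | code | semmle.label | code |
 | promisification.js:49:18:49:25 | req.body | semmle.label | req.body |
 | promisification.js:52:21:52:24 | code | semmle.label | code |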

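--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/promisification.js
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/promisification.js
@@ -34,13 +34,13 @@ app.post('/eval', async (req, res) => {
 
 app.post('/eval', async (req, res) => {
 var garPromisify = require("@gar/promisify");
-const code = req.body; // $ MISSING: Source
+const code = req.body; // $ Source
 
 const promisifiedExec = garPromisify(cp.exec);
-promisifiedExec(code); // $ MISSING: Alert
+promisifiedExec(code); // $ Alert
 
 const promisifiedCp = garPromisify(cp);
-promisifiedCp.exec(code); // $ MISSING: Alert
+promisifiedCp.exec(code); // $ Alert
 });
 
 app.post('/eval', async (req, res) => {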
