Skip to content

Commit e13b2df

Browse files
erik-krogherik-krogh
authored
Merge pull request #8185 from erik-krogh/amdImp
JS: recognize modules imported by AMD imports as library inputs
2 parents 01db73b + 2032126 commit e13b2df

File tree

5 files changed

+32
-1
lines changed

5 files changed

+32
-1
lines changed

javascript/ql/lib/semmle/javascript/PackageExports.qll

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,15 @@ private DataFlow::Node getAValueExportedByPackage() {
8787
result = getAnExportFromModule(mod)
8888
)
8989
or
90+
// require("./other-module.js"); inside an AMD module.
91+
exists(Module mod, CallExpr call |
92+
call = getAValueExportedByPackage().asExpr() and
93+
call = any(AmdModuleDefinition e).getARequireCall() and
94+
mod = call.getAnArgument().(Import).getImportedModule()
95+
|
96+
result = getAnExportFromModule(mod)
97+
)
98+
or
9099
// module.exports = class Foo {
91100
// bar() {} // <- result
92101
// static baz() {} // <- result

javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction.expected

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,10 @@ nodes
284284
| lib/subLib3/my-file.ts:3:28:3:31 | name |
285285
| lib/subLib3/my-file.ts:4:22:4:25 | name |
286286
| lib/subLib3/my-file.ts:4:22:4:25 | name |
287+
| lib/subLib/amdSub.js:3:28:3:31 | name |
288+
| lib/subLib/amdSub.js:3:28:3:31 | name |
289+
| lib/subLib/amdSub.js:4:22:4:25 | name |
290+
| lib/subLib/amdSub.js:4:22:4:25 | name |
287291
| lib/subLib/index.js:3:28:3:31 | name |
288292
| lib/subLib/index.js:3:28:3:31 | name |
289293
| lib/subLib/index.js:4:22:4:25 | name |
@@ -636,6 +640,10 @@ edges
636640
| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name |
637641
| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name |
638642
| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name |
643+
| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name |
644+
| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name |
645+
| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name |
646+
| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name |
639647
| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name |
640648
| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name |
641649
| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name |
@@ -727,5 +735,6 @@ edges
727735
| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | $@ based on $@ is later used in $@. | lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | String concatenation | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | shell command |
728736
| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | $@ based on $@ is later used in $@. | lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | shell command |
729737
| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | $@ based on $@ is later used in $@. | lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | shell command |
738+
| lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | $@ based on $@ is later used in $@. | lib/subLib/amdSub.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib/amdSub.js:3:28:3:31 | name | library input | lib/subLib/amdSub.js:4:2:4:26 | cp.exec ... + name) | shell command |
730739
| lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | $@ based on $@ is later used in $@. | lib/subLib/index.js:4:10:4:25 | "rm -rf " + name | String concatenation | lib/subLib/index.js:3:28:3:31 | name | library input | lib/subLib/index.js:4:2:4:26 | cp.exec ... + name) | shell command |
731740
| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | $@ based on $@ is later used in $@. | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | String concatenation | lib/subLib/index.js:7:32:7:35 | name | library input | lib/subLib/index.js:8:2:8:26 | cp.exec ... + name) | shell command |

javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/amd.js

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
// this file is imported from `index.js`.
2+
define(function (require) {
3+
return {
4+
amdSub: require("./amdSub"),
5+
};
6+
});

javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/amdSub.js

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
const cp = require("child_process");
2+
3+
module.exports = function (name) {
4+
cp.exec("rm -rf " + name); // NOT OK - this function is exported from `amd.js`
5+
};

javascript/ql/test/query-tests/Security/CWE-078/lib/subLib/index.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,4 +6,6 @@ module.exports = function (name) {
66

77
module.exports.foo = function (name) {
88
cp.exec("rm -rf " + name); // NOT OK - this is being called explicitly from child_process-test.js
9-
};
9+
};
10+
11+
module.exports.amd = require("./amd.js");

0 commit comments

Comments
 (0)