github
diff --git a/‎javascript/externs/nodejs/fs.js
Lines changed: 0 additions & 1 deletion b/‎javascript/externs/nodejs/fs.js
Lines changed: 0 additions & 1 deletion
diff --git a/‎javascript/ql/lib/change-notes/2022-06-30-chownr.md
Lines changed: 4 additions & 0 deletions b/‎javascript/ql/lib/change-notes/2022-06-30-chownr.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/Files.qll
Lines changed: 12 additions & 0 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/Files.qll
Lines changed: 12 additions & 0 deletions
@@ -1696,4 +1696,3 @@ module.exports.R_OK = fs.R_OK;
 module.exports.W_OK = fs.W_OK;
 
 module.exports.X_OK = fs.X_OK;
-
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `chownr` library is now modeled as a sink for the `js/path-injection` query.
@@ -192,6 +192,18 @@ private class WriteFileAtomic extends FileSystemWriteAccess, DataFlow::CallNode
   override DataFlow::Node getADataNode() { result = this.getArgument(1) }
 }
 
+/**
+ * A call to the library `chownr`.
+ * The library changes the owner of a file or directory recursively.
+ */
+private class Chownr extends FileSystemWriteAccess, DataFlow::CallNode {
+  Chownr() { this = DataFlow::moduleImport("chownr").getACall() }
+
+  override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
+
+  override DataFlow::Node getADataNode() { none() }
+}
+
 /**
  * A call to the library `recursive-readdir`.
  */
Original file line number	Diff line number	Diff line change
`@@ -1696,4 +1696,3 @@ module.exports.R_OK = fs.R_OK;`
`1696`	`1696`	`module.exports.W_OK = fs.W_OK;`
`1697`	`1697`
`1698`	`1698`	`module.exports.X_OK = fs.X_OK;`
`1699`		`-`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The `chownr` library is now modeled as a sink for the `js/path-injection` query.