Skip to content

Commit 5b5f529

Browse files
committed
JS: add uniform support for path, path.posix and path.win32
1 parent b2a87f6 commit 5b5f529

File tree

3 files changed

+28
-7
lines changed

3 files changed

+28
-7
lines changed

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1045,4 +1045,25 @@ module NodeJSLib {
10451045
i = 0 and result = this.getArgument(i)
10461046
}
10471047
}
1048+
1049+
/**
1050+
* Provides predicates for working with the "path" module and its platform-specific instances as a single module.
1051+
*/
1052+
module Path {
1053+
/**
1054+
* Gets a node that imports the "path" module, or one of its platform-specific instances.
1055+
*/
1056+
DataFlow::SourceNode moduleImport() {
1057+
result = DataFlow::moduleImport("path") or
1058+
result = DataFlow::moduleMember("path", "posix") or
1059+
result = DataFlow::moduleMember("path", "win32")
1060+
}
1061+
1062+
/**
1063+
* Gets an access to member `member` of the "path" module, or one of its platform-specific instances.
1064+
*/
1065+
DataFlow::SourceNode moduleMember(string member) {
1066+
result = moduleImport().getAPropertyRead(member)
1067+
}
1068+
}
10481069
}

javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ module TaintedPath {
108108
or
109109
// path.join()
110110
exists(DataFlow::CallNode join, int n |
111-
join = DataFlow::moduleMember("path", "join").getACall()
111+
join = NodeJSLib::Path::moduleMember("join").getACall()
112112
|
113113
src = join.getArgument(n) and
114114
dst = join and

javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ module TaintedPath {
124124
DataFlow::Node output;
125125

126126
NormalizingPathCall() {
127-
this = DataFlow::moduleMember("path", "normalize").getACall() and
127+
this = NodeJSLib::Path::moduleMember("normalize").getACall() and
128128
input = getArgument(0) and
129129
output = this
130130
}
@@ -148,7 +148,7 @@ module TaintedPath {
148148
DataFlow::Node output;
149149

150150
ResolvingPathCall() {
151-
this = DataFlow::moduleMember("path", "resolve").getACall() and
151+
this = NodeJSLib::Path::moduleMember("resolve").getACall() and
152152
input = getAnArgument() and
153153
output = this
154154
or
@@ -180,7 +180,7 @@ module TaintedPath {
180180
DataFlow::Node output;
181181

182182
NormalizingRelativePathCall() {
183-
this = DataFlow::moduleMember("path", "relative").getACall() and
183+
this = NodeJSLib::Path::moduleMember("relative").getACall() and
184184
input = getAnArgument() and
185185
output = this
186186
}
@@ -205,7 +205,7 @@ module TaintedPath {
205205

206206
PreservingPathCall() {
207207
exists(string name | name = "dirname" or name = "toNamespacedPath" |
208-
this = DataFlow::moduleMember("path", name).getACall() and
208+
this = NodeJSLib::Path::moduleMember(name).getACall() and
209209
input = getAnArgument() and
210210
output = this
211211
)
@@ -244,7 +244,7 @@ module TaintedPath {
244244
// ".." + path.sep
245245
exists(StringOps::Concatenation conc | node = conc |
246246
conc.getOperand(0).getStringValue() = ".." and
247-
conc.getOperand(1).getALocalSource() = DataFlow::moduleMember("path", "sep") and
247+
conc.getOperand(1).getALocalSource() = NodeJSLib::Path::moduleMember("sep") and
248248
conc.getNumOperand() = 2
249249
)
250250
}
@@ -311,7 +311,7 @@ module TaintedPath {
311311

312312
IsAbsoluteSanitizer() {
313313
exists(DataFlow::CallNode call | this = call |
314-
call = DataFlow::moduleMember("path", "isAbsolute").getACall() and
314+
call = NodeJSLib::Path::moduleMember("isAbsolute").getACall() and
315315
operand = call.getArgument(0) and
316316
polarity = true and
317317
negatable = true

0 commit comments

Comments
 (0)