Commit 39170f3

committed
Added a couple more test cases for commander js
1 parent 6b4e34d commit 39170f3

2 files changed

+28
-19
lines changed

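--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
@@ -22,7 +22,7 @@
 | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value |
 | child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value |
 | command-line-libs.js:14:8:14:18 | options.cmd | command-line-libs.js:9:16:9:23 | req.body | command-line-libs.js:14:8:14:18 | options.cmd | This command line depends on a $@. | command-line-libs.js:9:16:9:23 | req.body | user-provided value |
-| command-line-libs.js:40:8:40:17 | parsed.cmd | command-line-libs.js:33:16:33:23 | req.body | command-line-libs.js:40:8:40:17 | parsed.cmd | This command line depends on a $@. | command-line-libs.js:33:16:33:23 | req.body | user-provided value |
+| command-line-libs.js:49:8:49:17 | parsed.cmd | command-line-libs.js:42:16:42:23 | req.body | command-line-libs.js:49:8:49:17 | parsed.cmd | This command line depends on a $@. | command-line-libs.js:42:16:42:23 | req.body | user-provided value |
 | exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value |
 | exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value |
 | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value |
@@ -124,14 +124,14 @@ edges
 | command-line-libs.js:13:9:13:32 | options | command-line-libs.js:14:8:14:14 | options | provenance | |
 | command-line-libs.js:13:19:13:32 | program.opts() | command-line-libs.js:13:9:13:32 | options | provenance | |
 | command-line-libs.js:14:8:14:14 | options | command-line-libs.js:14:8:14:18 | options.cmd | provenance | |
-| command-line-libs.js:33:9:33:34 | args | command-line-libs.js:34:24:34:27 | args | provenance | |
-| command-line-libs.js:33:16:33:23 | req.body | command-line-libs.js:33:9:33:34 | args | provenance | |
-| command-line-libs.js:34:9:38:12 | parsed | command-line-libs.js:40:8:40:13 | parsed | provenance | |
-| command-line-libs.js:34:18:34:28 | yargs(args) | command-line-libs.js:34:18:38:4 | yargs(a ... ue\\n }) | provenance | |
-| command-line-libs.js:34:18:38:4 | yargs(a ... ue\\n }) | command-line-libs.js:34:18:38:12 | yargs(a ... parse() | provenance | |
-| command-line-libs.js:34:18:38:12 | yargs(a ... parse() | command-line-libs.js:34:9:38:12 | parsed | provenance | |
-| command-line-libs.js:34:24:34:27 | args | command-line-libs.js:34:18:34:28 | yargs(args) | provenance | |
-| command-line-libs.js:40:8:40:13 | parsed | command-line-libs.js:40:8:40:17 | parsed.cmd | provenance | |
+| command-line-libs.js:42:9:42:34 | args | command-line-libs.js:43:24:43:27 | args | provenance | |
+| command-line-libs.js:42:16:42:23 | req.body | command-line-libs.js:42:9:42:34 | args | provenance | |
+| command-line-libs.js:43:9:47:12 | parsed | command-line-libs.js:49:8:49:13 | parsed | provenance | |
+| command-line-libs.js:43:18:43:28 | yargs(args) | command-line-libs.js:43:18:47:4 | yargs(a ... ue\\n }) | provenance | |
+| command-line-libs.js:43:18:47:4 | yargs(a ... ue\\n }) | command-line-libs.js:43:18:47:12 | yargs(a ... parse() | provenance | |
+| command-line-libs.js:43:18:47:12 | yargs(a ... parse() | command-line-libs.js:43:9:47:12 | parsed | provenance | |
+| command-line-libs.js:43:24:43:27 | args | command-line-libs.js:43:18:43:28 | yargs(args) | provenance | |
+| command-line-libs.js:49:8:49:13 | parsed | command-line-libs.js:49:8:49:17 | parsed.cmd | provenance | |
 | exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | provenance | |
 | exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | provenance | |
 | exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | provenance | |
@@ -292,15 +292,15 @@ nodes
 | command-line-libs.js:13:19:13:32 | program.opts() | semmle.label | program.opts() |
 | command-line-libs.js:14:8:14:14 | options | semmle.label | options |
 | command-line-libs.js:14:8:14:18 | options.cmd | semmle.label | options.cmd |
-| command-line-libs.js:33:9:33:34 | args | semmle.label | args |
-| command-line-libs.js:33:16:33:23 | req.body | semmle.label | req.body |
-| command-line-libs.js:34:9:38:12 | parsed | semmle.label | parsed |
-| command-line-libs.js:34:18:34:28 | yargs(args) | semmle.label | yargs(args) |
-| command-line-libs.js:34:18:38:4 | yargs(a ... ue\\n }) | semmle.label | yargs(a ... ue\\n }) |
-| command-line-libs.js:34:18:38:12 | yargs(a ... parse() | semmle.label | yargs(a ... parse() |
-| command-line-libs.js:34:24:34:27 | args | semmle.label | args |
-| command-line-libs.js:40:8:40:13 | parsed | semmle.label | parsed |
-| command-line-libs.js:40:8:40:17 | parsed.cmd | semmle.label | parsed.cmd |
+| command-line-libs.js:42:9:42:34 | args | semmle.label | args |
+| command-line-libs.js:42:16:42:23 | req.body | semmle.label | req.body |
+| command-line-libs.js:43:9:47:12 | parsed | semmle.label | parsed |
+| command-line-libs.js:43:18:43:28 | yargs(args) | semmle.label | yargs(args) |
+| command-line-libs.js:43:18:47:4 | yargs(a ... ue\\n }) | semmle.label | yargs(a ... ue\\n }) |
+| command-line-libs.js:43:18:47:12 | yargs(a ... parse() | semmle.label | yargs(a ... parse() |
+| command-line-libs.js:43:24:43:27 | args | semmle.label | args |
+| command-line-libs.js:49:8:49:13 | parsed | semmle.label | parsed |
+| command-line-libs.js:49:8:49:17 | parsed.cmd | semmle.label | parsed.cmd |
 | exec-sh2.js:9:17:9:23 | command | semmle.label | command |
 | exec-sh2.js:10:40:10:46 | command | semmle.label | command |
 | exec-sh2.js:14:9:14:49 | cmd | semmle.label | cmd |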

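--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/command-line-libs.js
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/command-line-libs.js
@@ -5,13 +5,22 @@ import arg from 'arg';
 const app = express();
 app.use(express.json());
 
-app.post('/Command', (req, res) => {
+app.post('/Command', async (req, res) => {
 const args = req.body.args || []; // $ Source
 const program = new Command();
 program.option('--cmd <value>', 'Command to execute');
 program.parse(args, { from: 'user' });
 const options = program.opts();
 exec(options.cmd); // $ Alert
+exec(program.cmd); // $ MISSING: Alert
+
+const program1 = new Command();
+program1
+.command('run <script>')
+.action((script) => {
+exec(script); // $ MISSING: Alert
+});
+await program1.parseAsync(args);
 });
 
 app.post('/arg', (req, res) => {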
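Review bot: The new `await program1.parseAsync(args);` omits the `{ from: 'user' }` option that the existing `program.parse(args, { from: 'user' });` six lines earlier passes, so commander would apply its default argv convention and skip the first two entries of `args` as the executable and script path; for a fixture whose point is that the request body reaches the `run <script>` action, `await program1.parseAsync(args, { from: 'user' });` keeps the two commander cases consistent and the taint path unambiguous. The added `exec(program.cmd); // $ MISSING: Alert` also deserves a why-comment, since reading the option as a property on the command rather than via `program.opts()` only yields a value when commander's option-as-property storage mode is enabled (hedged — confirm against the commander version the model targets); something like `// option read as a command property (storeOptionsAsProperties style), distinct from opts()` would tell the next reader why this is tracked as a separate MISSING case rather than a duplicate of the alert above. The `app.post('/arg', ...)` handler continues past the end of the hunk.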
