Added support for emptydir functions from fs-extra.

Napalys · Napalys · commit 55c74b2bacdf · 2025-03-28T08:37:28.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
@@ -462,7 +462,7 @@ module NodeJSLib {
     or
     methodName = ["ensureSymlink", "ensureSymlinkSync"] and i = [0, 1]
     or
-    methodName = ["emptyDir", "emptyDirSync"] and i = 0
+    methodName = ["emptyDir", "emptyDirSync", "emptydir", "emptydirSync"] and i = 0
     or
     methodName = ["pathExists", "pathExistsSync"] and i = 0
   }
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -62,6 +62,8 @@
 | more-fs-extra.js:17:31:17:38 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:17:31:17:38 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
 | more-fs-extra.js:18:15:18:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:18:15:18:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
 | more-fs-extra.js:19:25:19:32 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:19:25:19:32 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:20:21:20:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:20:21:20:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:21:17:21:24 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:21:17:21:24 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
 | normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
 | normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
 | normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
@@ -368,6 +370,8 @@ edges
 | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:17:31:17:38 | filename | provenance |  |
 | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:18:15:18:22 | filename | provenance |  |
 | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:19:25:19:32 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:20:21:20:28 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:21:17:21:24 | filename | provenance |  |
 | more-fs-extra.js:8:13:8:20 | filename | more-fs-extra.js:8:11:8:33 | filename | provenance |  |
 | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:8:11:8:22 | { filename } | provenance |  |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance |  |
@@ -864,6 +868,8 @@ nodes
 | more-fs-extra.js:17:31:17:38 | filename | semmle.label | filename |
 | more-fs-extra.js:18:15:18:22 | filename | semmle.label | filename |
 | more-fs-extra.js:19:25:19:32 | filename | semmle.label | filename |
+| more-fs-extra.js:20:21:20:28 | filename | semmle.label | filename |
+| more-fs-extra.js:21:17:21:24 | filename | semmle.label | filename |
 | normalizedPaths.js:11:7:11:27 | path | semmle.label | path |
 | normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path |
 | normalizedPaths.js:13:19:13:22 | path | semmle.label | path |
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js
@@ -17,8 +17,8 @@ app.post('/rmsync', (req, res) => {
     fs.copyFileSync("source", filename); // $ Alert
     fs.cpSync(filename, "destination"); // $ Alert
     fs.cpSync("source", filename); // $ Alert
-    fs.emptydirSync(filename); // MISSING: $ Alert
-    fs.emptydir(filename); // MISSING: $ Alert
+    fs.emptydirSync(filename); // $ Alert
+    fs.emptydir(filename); // $ Alert
     fs.opendir(filename); // $ MISSING: Alert
     fs.opendirSync(filename); // $ MISSING: Alert
     fs.openAsBlob(filename); // $ MISSING: Alert

Original file line number	Diff line number	Diff line change
`@@ -462,7 +462,7 @@ module NodeJSLib {`
`462`	`462`	`or`
`463`	`463`	`methodName = ["ensureSymlink", "ensureSymlinkSync"] and i = [0, 1]`
`464`	`464`	`or`
`465`		`- methodName = ["emptyDir", "emptyDirSync"] and i = 0`
	`465`	`+ methodName = ["emptyDir", "emptyDirSync", "emptydir", "emptydirSync"] and i = 0`
`466`	`466`	`or`
`467`	`467`	`methodName = ["pathExists", "pathExistsSync"] and i = 0`
`468`	`468`	`}`