
Commit 61cc415

committed
add model of the util.promisify library
1 parent 2f3ea44 commit 61cc415


4 files changed

+55
-2
lines changed

Lines changed: 2 additions & 1 deletion
@@ -1,4 +1,5 @@
11
lgtm,codescanning
22
* Support for libraries modeling `promisify` and `promisifyAll` functions have been improved.
33
Affected packages are
4-
[pify](https://www.npmjs.com/package/pify)
4+
[pify](https://www.npmjs.com/package/pify),
5+
[util.promisify](https://www.npmjs.com/package/util.promisify)

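--- a/javascript/ql/src/semmle/javascript/Promises.qll
+++ b/javascript/ql/src/semmle/javascript/Promises.qll
@@ -685,7 +685,7 @@ module Promisify {
 PromisifyCall() {
 this = DataFlow::moduleImport(["util", "bluebird"]).getAMemberCall("promisify")
 or
-this = DataFlow::moduleImport("pify").getACall()
+this = DataFlow::moduleImport(["pify", "util.promisify"]).getACall()
 }
 }
 }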
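Review bot: The new `"util.promisify"` entry on the changed line matches only a direct call on the module import, so a promisify function reached through the package's other entry points, for example `require('util.promisify').getPolyfill()`, is presumably still not a `PromisifyCall`. Because this class feeds the TaintedPath (CWE-022) results, an unmodeled wrapper shows up as a silent false negative rather than a noisy alert. If that form matters, a further disjunct along the lines of `this = DataFlow::moduleImport("util.promisify").getAMemberCall("getPolyfill").getACall()` would cover it, and a one-line comment above the disjunction naming the modeled packages would make the next addition easier to review. The enclosing class and module begin outside the hunk.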

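--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -2305,6 +2305,23 @@ nodes
 | other-fs-libraries.js:55:36:55:39 | path |
 | other-fs-libraries.js:55:36:55:39 | path |
 | other-fs-libraries.js:55:36:55:39 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:57:46:57:49 | path |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
@@ -6717,6 +6734,38 @@ edges
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
@@ -8452,6 +8501,7 @@ edges
 | other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
+| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |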

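--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js
@@ -53,4 +53,6 @@ http.createServer(function(req, res) {
 
 require("pify")(fs.readFileSync)(path); // NOT OK
 require("pify")(fs).readFileSync(path); // NOT OK
+
+require('util.promisify')(fs.readFileSync)(path); // NOT OK
 });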
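Review bot: The added case promisifies `fs.readFileSync`, which takes no callback, so the test pins the new model on a call shape that real code rarely uses. Adding `require('util.promisify')(fs.readFile)(path); // NOT OK` beside it would exercise the callback-style function the package is meant to wrap, which is where a missed path-traversal sink would actually occur. A companion `// OK` line that passes a constant path through the same wrapper would also show that the model does not over-report. The surrounding `http.createServer` callback begins outside the hunk.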
