Added support for cp functions from fs-extra.

Author: Napalys

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -434,7 +434,7 @@ module NodeJSLib {
    * method might represent a file path.
    */
   private predicate fsExtraExtensionFileParam(string methodName, int i) {
-    methodName = ["copy", "copySync", "copyFile"] and i = [0, 1]
+    methodName = ["copy", "copySync", "copyFile", "cp", "copyFileSync", "cpSync"] and i = [0, 1]
     or
     methodName = ["move", "moveSync"] and i = [0, 1]
     or

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

@@ -52,6 +52,12 @@
 | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |
 | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value |
 | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value |
+| more-fs-extra.js:14:11:14:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:14:11:14:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:15:21:15:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:15:21:15:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:16:21:16:28 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:16:21:16:28 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:17:31:17:38 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:17:31:17:38 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:18:15:18:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:18:15:18:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
+| more-fs-extra.js:19:25:19:32 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:19:25:19:32 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value |
 | normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
 | normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
 | normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value |
@@ -347,6 +353,15 @@ edges
 | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance |  |
 | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance |  |
 | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance |  |
+| more-fs-extra.js:8:11:8:22 | { filename } | more-fs-extra.js:8:13:8:20 | filename | provenance | Config |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:14:11:14:18 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:15:21:15:28 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:16:21:16:28 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:17:31:17:38 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:18:15:18:22 | filename | provenance |  |
+| more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:19:25:19:32 | filename | provenance |  |
+| more-fs-extra.js:8:13:8:20 | filename | more-fs-extra.js:8:11:8:33 | filename | provenance |  |
+| more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:8:11:8:22 | { filename } | provenance |  |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance |  |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | provenance |  |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | provenance |  |
@@ -827,6 +842,16 @@ nodes
 | hapi.js:14:19:14:51 | filepath | semmle.label | filepath |
 | hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath |
 | hapi.js:15:44:15:51 | filepath | semmle.label | filepath |
+| more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } |
+| more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename |
+| more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename |
+| more-fs-extra.js:8:26:8:33 | req.body | semmle.label | req.body |
+| more-fs-extra.js:14:11:14:18 | filename | semmle.label | filename |
+| more-fs-extra.js:15:21:15:28 | filename | semmle.label | filename |
+| more-fs-extra.js:16:21:16:28 | filename | semmle.label | filename |
+| more-fs-extra.js:17:31:17:38 | filename | semmle.label | filename |
+| more-fs-extra.js:18:15:18:22 | filename | semmle.label | filename |
+| more-fs-extra.js:19:25:19:32 | filename | semmle.label | filename |
 | normalizedPaths.js:11:7:11:27 | path | semmle.label | path |
 | normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path |
 | normalizedPaths.js:13:19:13:22 | path | semmle.label | path |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/more-fs-extra.js

@@ -5,18 +5,18 @@ const app = express();
 app.use(express.json());
 
 app.post('/rmsync', (req, res) => {
-    const { filename } = req.body; // $ MISSING: Source
+    const { filename } = req.body; // $ Source
 
     fs.rmSync(filename); // MISSING: $ Alert
     fs.rm(filename); // MISSING: $ Alert
     fs.rmdir(filename); // MISSING: $ Alert
     fs.rmdirSync(filename); // MISSING: $ Alert
-    fs.cp(filename, "destination"); // MISSING: $ Alert
-    fs.cp("source", filename); // MISSING: $ Alert
-    fs.copyFileSync(filename, "destination"); // MISSING: $ Alert
-    fs.copyFileSync("source", filename); // MISSING: $ Alert
-    fs.cpSync(filename, "destination"); // MISSING: $ Alert
-    fs.cpSync("source", filename); // MISSING: $ Alert
+    fs.cp(filename, "destination"); // $ Alert
+    fs.cp("source", filename); // $ Alert
+    fs.copyFileSync(filename, "destination"); // $ Alert
+    fs.copyFileSync("source", filename); // $ Alert
+    fs.cpSync(filename, "destination"); // $ Alert
+    fs.cpSync("source", filename); // $ Alert
     fs.emptydirSync(filename); // MISSING: $ Alert
     fs.emptydir(filename); // MISSING: $ Alert
     fs.opendir(filename); // $ MISSING: Alert