add model of the thenify library

Author: erik-krogh

javascript/change-notes/2021-06-21-promisify.md

@@ -2,4 +2,5 @@ lgtm,codescanning
 * Support for libraries modeling `promisify` and `promisifyAll` functions have been improved. 
   Affected packages are
     [pify](https://www.npmjs.com/package/pify),
-    [util.promisify](https://www.npmjs.com/package/util.promisify)
+    [util.promisify](https://www.npmjs.com/package/util.promisify),
+    [thenify](https://www.npmjs.com/package/thenify)

javascript/ql/src/semmle/javascript/Promises.qll

@@ -686,6 +686,10 @@ module Promisify {
       this = DataFlow::moduleImport(["util", "bluebird"]).getAMemberCall("promisify")
       or
       this = DataFlow::moduleImport(["pify", "util.promisify"]).getACall()
+      or
+      this = DataFlow::moduleImport("thenify").getACall()
+      or
+      this = DataFlow::moduleMember("thenify", "withCallback").getACall()
     }
   }
 }

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

@@ -2322,6 +2322,23 @@ nodes
 | other-fs-libraries.js:57:46:57:49 | path |
 | other-fs-libraries.js:57:46:57:49 | path |
 | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:59:39:59:42 | path |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
@@ -6766,6 +6783,38 @@ edges
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
@@ -8502,6 +8551,7 @@ edges
 | other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
+| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js

@@ -55,4 +55,6 @@ http.createServer(function(req, res) {
   require("pify")(fs).readFileSync(path); // NOT OK
 
   require('util.promisify')(fs.readFileSync)(path); // NOT OK
+
+  require("thenify")(fs.readFileSync)(path); // NOT OK
 });