add another test for the resolve library

erik-krogh · erik-krogh · commit 5961dd1459af · 2021-06-06T22:54:12.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -2594,12 +2594,18 @@ nodes
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
@@ -7096,7 +7102,8 @@ edges
 | tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
 | tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 |
 | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") |
-| tainted-require.js:12:24:12:42 | req.param("module") | tainted-require.js:12:24:12:42 | req.param("module") |
+| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") |
+| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
 | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") |
 | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") |
@@ -8311,7 +8318,8 @@ edges
 | tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
 | tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on $@. | tainted-access-paths.js:6:24:6:30 | req.url | a user-provided value |
 | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
-| tainted-require.js:12:24:12:42 | req.param("module") | tainted-require.js:12:24:12:42 | req.param("module") | tainted-require.js:12:24:12:42 | req.param("module") | This path depends on $@. | tainted-require.js:12:24:12:42 | req.param("module") | a user-provided value |
+| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on $@. | tainted-require.js:12:29:12:47 | req.param("module") | a user-provided value |
+| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on $@. | tainted-require.js:14:11:14:29 | req.param("module") | a user-provided value |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | a user-provided value |
 | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | a user-provided value |
 | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
@@ -9,5 +9,9 @@ app.get('/some/path', function(req, res) {
 
 const resolve = require("resolve");
 app.get('/some/path', function(req, res) {
-  var module = resolve(req.param("module")); // NOT OK - resolving module based on query parameters
+  var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters
+
+  resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters
+    var module = res;
+  });
 });
