jorgectf
diff --git a/‎javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Lines changed: 2 additions & 0 deletions b/‎javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
Lines changed: 60 additions & 56 deletions b/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
Lines changed: 60 additions & 56 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/Consistency.expected b/‎javascript/ql/test/query-tests/Security/CWE-078/Consistency.expected
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
Lines changed: 22 additions & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql
Lines changed: 22 additions & 0 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.expected
Lines changed: 3 additions & 6 deletions b/‎javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.expected
Lines changed: 3 additions & 6 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.ql
Lines changed: 0 additions & 16 deletions b/‎javascript/ql/test/query-tests/Security/CWE-078/UselessUseOfCat.ql
Lines changed: 0 additions & 16 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/child_process-test.js
Lines changed: 9 additions & 6 deletions b/‎javascript/ql/test/query-tests/Security/CWE-078/child_process-test.js
Lines changed: 9 additions & 6 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/command-line-parameter-command-injection.js
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/test/query-tests/Security/CWE-078/command-line-parameter-command-injection.js
Lines changed: 1 addition & 1 deletion
@@ -302,6 +302,8 @@ private module Mongoose {
         MongoDB::CollectionMethodSignatures::interpretsArgumentAsQuery(name, n)
         or
         name = "findByIdAndUpdate" and n = 1
+        or
+        name = "where" and n = 0
       }
 
       /**
 
@@ -29,30 +29,32 @@ nodes
 | child_process-test.js:39:26:39:28 | cmd |
 | child_process-test.js:43:15:43:17 | cmd |
 | child_process-test.js:43:15:43:17 | cmd |
-| child_process-test.js:50:15:50:17 | cmd |
-| child_process-test.js:50:15:50:17 | cmd |
-| child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) |
-| child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) |
-| child_process-test.js:53:46:53:57 | ["bar", cmd] |
-| child_process-test.js:53:46:53:57 | ["bar", cmd] |
-| child_process-test.js:53:54:53:56 | cmd |
-| child_process-test.js:53:54:53:56 | cmd |
-| child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) |
-| child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) |
-| child_process-test.js:54:46:54:48 | cmd |
-| child_process-test.js:70:9:70:49 | cmd |
-| child_process-test.js:70:15:70:38 | url.par ... , true) |
-| child_process-test.js:70:15:70:44 | url.par ... ).query |
-| child_process-test.js:70:15:70:49 | url.par ... ry.path |
-| child_process-test.js:70:25:70:31 | req.url |
-| child_process-test.js:70:25:70:31 | req.url |
-| child_process-test.js:72:29:72:31 | cmd |
-| child_process-test.js:72:29:72:31 | cmd |
-| child_process-test.js:80:19:80:36 | req.query.fileName |
-| child_process-test.js:80:19:80:36 | req.query.fileName |
-| child_process-test.js:80:19:80:36 | req.query.fileName |
-| child_process-test.js:82:37:82:54 | req.query.fileName |
-| child_process-test.js:82:37:82:54 | req.query.fileName |
+| child_process-test.js:48:15:48:17 | cmd |
+| child_process-test.js:48:15:48:17 | cmd |
+| child_process-test.js:53:15:53:17 | cmd |
+| child_process-test.js:53:15:53:17 | cmd |
+| child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| child_process-test.js:56:46:56:57 | ["bar", cmd] |
+| child_process-test.js:56:46:56:57 | ["bar", cmd] |
+| child_process-test.js:56:54:56:56 | cmd |
+| child_process-test.js:56:54:56:56 | cmd |
+| child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| child_process-test.js:57:46:57:48 | cmd |
+| child_process-test.js:73:9:73:49 | cmd |
+| child_process-test.js:73:15:73:38 | url.par ... , true) |
+| child_process-test.js:73:15:73:44 | url.par ... ).query |
+| child_process-test.js:73:15:73:49 | url.par ... ry.path |
+| child_process-test.js:73:25:73:31 | req.url |
+| child_process-test.js:73:25:73:31 | req.url |
+| child_process-test.js:75:29:75:31 | cmd |
+| child_process-test.js:75:29:75:31 | cmd |
+| child_process-test.js:83:19:83:36 | req.query.fileName |
+| child_process-test.js:83:19:83:36 | req.query.fileName |
+| child_process-test.js:83:19:83:36 | req.query.fileName |
+| child_process-test.js:85:37:85:54 | req.query.fileName |
+| child_process-test.js:85:37:85:54 | req.query.fileName |
 | execSeries.js:3:20:3:22 | arr |
 | execSeries.js:6:14:6:16 | arr |
 | execSeries.js:6:14:6:21 | arr[i++] |
@@ -139,11 +141,13 @@ edges
 | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
 | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
 | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
-| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
-| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
-| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:54:53:56 | cmd |
-| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:54:53:56 | cmd |
-| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:54:46:54:48 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd |
+| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd |
 | child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query |
 | child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
 | child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
@@ -154,22 +158,22 @@ edges
 | child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
 | child_process-test.js:39:26:39:28 | cmd | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
 | child_process-test.js:39:26:39:28 | cmd | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
-| child_process-test.js:53:46:53:57 | ["bar", cmd] | child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) |
-| child_process-test.js:53:46:53:57 | ["bar", cmd] | child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) |
-| child_process-test.js:53:54:53:56 | cmd | child_process-test.js:53:46:53:57 | ["bar", cmd] |
-| child_process-test.js:53:54:53:56 | cmd | child_process-test.js:53:46:53:57 | ["bar", cmd] |
-| child_process-test.js:54:46:54:48 | cmd | child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) |
-| child_process-test.js:54:46:54:48 | cmd | child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) |
-| child_process-test.js:70:9:70:49 | cmd | child_process-test.js:72:29:72:31 | cmd |
-| child_process-test.js:70:9:70:49 | cmd | child_process-test.js:72:29:72:31 | cmd |
-| child_process-test.js:70:15:70:38 | url.par ... , true) | child_process-test.js:70:15:70:44 | url.par ... ).query |
-| child_process-test.js:70:15:70:44 | url.par ... ).query | child_process-test.js:70:15:70:49 | url.par ... ry.path |
-| child_process-test.js:70:15:70:49 | url.par ... ry.path | child_process-test.js:70:9:70:49 | cmd |
-| child_process-test.js:70:25:70:31 | req.url | child_process-test.js:70:15:70:38 | url.par ... , true) |
-| child_process-test.js:70:25:70:31 | req.url | child_process-test.js:70:15:70:38 | url.par ... , true) |
-| child_process-test.js:80:19:80:36 | req.query.fileName | child_process-test.js:80:19:80:36 | req.query.fileName |
-| child_process-test.js:82:37:82:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
-| child_process-test.js:82:37:82:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
+| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] |
+| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] |
+| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd |
+| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd |
+| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:15:73:44 | url.par ... ).query |
+| child_process-test.js:73:15:73:44 | url.par ... ).query | child_process-test.js:73:15:73:49 | url.par ... ry.path |
+| child_process-test.js:73:15:73:49 | url.par ... ry.path | child_process-test.js:73:9:73:49 | cmd |
+| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
+| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
+| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName |
+| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
+| child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:7:32:7:35 | name |
 | execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
 | execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
 | execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command |
@@ -246,18 +250,18 @@ edges
 | child_process-test.js:39:5:39:31 | cp.spaw ...  cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:18:39:30 | [ flag, cmd ] | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
 | child_process-test.js:39:5:39:31 | cp.spaw ...  cmd ]) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:39:26:39:28 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
 | child_process-test.js:44:5:44:34 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:51:5:51:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:50:15:50:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:53:5:53:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:53:5:53:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:46:53:57 | ["bar", cmd] | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:53:5:53:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:54:53:56 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:54:5:54:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:54:5:54:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:59:5:59:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:50:15:50:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:64:3:64:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:43:15:43:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
-| child_process-test.js:72:29:72:31 | cmd | child_process-test.js:70:25:70:31 | req.url | child_process-test.js:72:29:72:31 | cmd | This command depends on $@. | child_process-test.js:70:25:70:31 | req.url | a user-provided value |
-| child_process-test.js:80:19:80:36 | req.query.fileName | child_process-test.js:80:19:80:36 | req.query.fileName | child_process-test.js:80:19:80:36 | req.query.fileName | This command depends on $@. | child_process-test.js:80:19:80:36 | req.query.fileName | a user-provided value |
+| child_process-test.js:54:5:54:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:56:5:56:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:56:5:56:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:46:56:57 | ["bar", cmd] | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:56:5:56:59 | cp.spaw ...  cmd])) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:56:54:56:56 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:49 | url.par ... ry.path | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
+| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command depends on $@. | child_process-test.js:73:25:73:31 | req.url | a user-provided value |
+| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command depends on $@. | child_process-test.js:83:19:83:36 | req.query.fileName | a user-provided value |
 | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command depends on $@. | execSeries.js:18:34:18:40 | req.url | a user-provided value |
-| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | child_process-test.js:82:37:82:54 | req.query.fileName | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | This command depends on $@. | child_process-test.js:82:37:82:54 | req.query.fileName | a user-provided value |
+| lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | child_process-test.js:85:37:85:54 | req.query.fileName | lib/subLib/index.js:8:10:8:25 | "rm -rf " + name | This command depends on $@. | child_process-test.js:85:37:85:54 | req.query.fileName | a user-provided value |
 | other.js:7:33:7:35 | cmd | other.js:5:25:5:31 | req.url | other.js:7:33:7:35 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
 | other.js:8:28:8:30 | cmd | other.js:5:25:5:31 | req.url | other.js:8:28:8:30 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
 | other.js:9:32:9:34 | cmd | other.js:5:25:5:31 | req.url | other.js:9:32:9:34 | cmd | This command depends on $@. | other.js:5:25:5:31 | req.url | a user-provided value |
 
@@ -0,0 +1,22 @@
+import javascript
+import testUtilities.ConsistencyChecking
+import semmle.javascript.security.dataflow.CommandInjection
+import semmle.javascript.security.dataflow.IndirectCommandInjection
+import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironment
+import semmle.javascript.security.dataflow.UnsafeShellCommandConstruction
+
+class CommandInjectionConsistency extends ConsistencyConfiguration {
+  CommandInjectionConsistency() { this = "ComandInjection" }
+
+  override File getAFile() { not result.getBaseName() = "uselesscat.js" }
+}
+
+import semmle.javascript.security.UselessUseOfCat
+
+class UselessCatConsistency extends ConsistencyConfiguration {
+  UselessCatConsistency() { this = "Cat" }
+
+  override DataFlow::Node getAnAlert() { result instanceof UselessCat }
+
+  override File getAFile() { result.getBaseName() = "uselesscat.js" }
+}
@@ -91,9 +91,9 @@ syncCommand
 | uselesscat.js:158:16:158:46 | cspawn. ... /bar']) |
 | uselesscat.js:159:16:159:68 | cspawn. ... tf8' }) |
 options
-| child_process-test.js:53:5:53:59 | cp.spaw ...  cmd])) | child_process-test.js:53:25:53:58 | ['/C',  ... , cmd]) |
-| child_process-test.js:54:5:54:50 | cp.spaw ... t(cmd)) | child_process-test.js:54:25:54:49 | ['/C',  ... at(cmd) |
-| child_process-test.js:64:3:64:21 | cp.spawn(cmd, args) | child_process-test.js:64:17:64:20 | args |
+| child_process-test.js:56:5:56:59 | cp.spaw ...  cmd])) | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) |
+| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) |
+| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:67:17:67:20 | args |
 | lib/lib.js:152:2:152:23 | cp.spaw ... gs, cb) | lib/lib.js:152:21:152:22 | cb |
 | lib/lib.js:159:2:159:23 | cp.spaw ... gs, cb) | lib/lib.js:159:21:159:22 | cb |
 | lib/lib.js:163:2:167:2 | cp.spaw ... t' }\\n\\t) | lib/lib.js:166:3:166:22 | { stdio: 'inherit' } |
@@ -115,6 +115,3 @@ options
 | uselesscat.js:156:1:156:35 | cspawn( ... tf8' }) | uselesscat.js:156:15:156:34 | { encoding: 'utf8' } |
 | uselesscat.js:159:16:159:68 | cspawn. ... tf8' }) | uselesscat.js:159:48:159:67 | { encoding: 'utf8' } |
 | uselesscat.js:164:1:164:76 | execmod ... (out)}) | uselesscat.js:164:24:164:41 | {encoding: 'utf8'} |
-#select
-| False negative | uselesscat.js:54:42:54:69 | // NOT  ... lagged] |
-| False positive | uselesscat.js:44:37:44:85 | // OK [ ... le read |
@@ -1,22 +1,6 @@
 import javascript
 import semmle.javascript.security.UselessUseOfCat
 
-from LineComment comment, string msg
-where
-  comment.getFile().getAbsolutePath().regexpMatch(".*/uselesscat.js") and
-  (
-    comment.getText().regexpMatch(".*NOT OK.*") and
-    not any(UselessCat cat).asExpr().getLocation().getStartLine() =
-      comment.getLocation().getStartLine() and
-    msg = "False negative"
-    or
-    comment.getText().regexpMatch(".* OK.*") and
-    not comment.getText().regexpMatch(".*NOT OK.*") and
-    any(UselessCat cat).asExpr().getLocation().getStartLine() = comment.getLocation().getStartLine() and
-    msg = "False positive"
-  )
-select msg, comment
-
 query string readFile(UselessCat cat) { result = PrettyPrintCatCall::createReadFileCall(cat) }
 
 query SystemCommandExecution syncCommand() { result.isSync() }
 
@@ -40,28 +40,31 @@ var server = http.createServer(function(req, res) {
 
     let args = [];
     args[0] = "-c";
-    args[1] = cmd;
-    cp.execFile("/bin/bash", args); // NOT OK
+    args[1] = cmd;  // NOT OK
+    cp.execFile("/bin/bash", args);
 
+    let args = [];
+    args[0] = "-c";
+    args[1] = cmd;  // NOT OK
     run("sh", args);
 
     let args = [];
     args[0] = `-` + "c";
-    args[1] = cmd;
-    cp.execFile(`/bin` + "/bash", args); // NOT OK
+    args[1] = cmd; // NOT OK
+    cp.execFile(`/bin` + "/bash", args);
 
     cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // NOT OK
     cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // NOT OK
 
 	let myArgs = [];
     myArgs.push(`-` + "c");
     myArgs.push(cmd);
-    cp.execFile(`/bin` + "/bash", args); // NOT OK
+    cp.execFile(`/bin` + "/bash", args); // NOT OK - but no support for `[].push()` for indirect arguments [INCONSISTENCY] 
 
 });
 
 function run(cmd, args) {
-  cp.spawn(cmd, args); // NOT OK
+  cp.spawn(cmd, args); // OK - the alert happens where `args` is build.
 }
 
 var util = require("util")
 
@@ -16,7 +16,7 @@ var cp = require("child_process");
 	cp.execSync("cmd.sh " + fewerArgs[0]); // NOT OK
 
 	var arg0 = fewerArgs[0];
-	cp.execSync(arg0); // OK
+	cp.execSync(arg0); // NOT OK
 	cp.execSync("cmd.sh " + arg0); // NOT OK
 });
Original file line number	Diff line number	Diff line change
`@@ -302,6 +302,8 @@ private module Mongoose {`
`302`	`302`	`MongoDB::CollectionMethodSignatures::interpretsArgumentAsQuery(name, n)`
`303`	`303`	`or`
`304`	`304`	`name = "findByIdAndUpdate" and n = 1`
	`305`	`+ or`
	`306`	`+ name = "where" and n = 0`
`305`	`307`	`}`
`306`	`308`
`307`	`309`	`/**`