JS: update 'command-line-injection' sink kind to 'command-injection'

Jami Cogswell · Jami Cogswell · commit 7880e9e92c20 · 2023-05-16T15:45:55.000-04:00
diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
@@ -53,7 +53,7 @@ Note that this sink is already recognized by the CodeQL JS analysis, but for thi
         pack: codeql/javascript-all
         extensible: sinkModel
       data:
-        - ["execa", "Member[shell].Argument[0]", "command-line-injection"]
+        - ["execa", "Member[shell].Argument[0]", "command-injection"]
 
 
 - Since we're adding a new sink, we add a tuple to the **sinkModel** extensible predicate.
@@ -64,7 +64,7 @@ Note that this sink is already recognized by the CodeQL JS analysis, but for thi
   - **Member[shell]** selects accesses to the **shell** member of the **execa** package.
   - **Argument[0]** selects the first argument to calls to that member.
 
-- **command-line-injection** indicates that this is considered a sink for the command injection query.
+- **command-injection** indicates that this is considered a sink for the command injection query.
 
 Example: Taint sources from window 'message' events
 ---------------------------------------------------
@@ -463,7 +463,7 @@ Sink kinds
 Unlike sources, sinks tend to be highly query-specific, rarely affecting more than one or two queries. Not every query supports customizable sinks. If the following sinks are not suitable for your use case, you should add a new query.
 
 - **code-injection**: A sink that can be used to inject code, such as in calls to **eval**.
-- **command-line-injection**: A sink that can be used to inject shell commands, such as in calls to **child_process.spawn**.
+- **command-injection**: A sink that can be used to inject shell commands, such as in calls to **child_process.spawn**.
 - **path-injection**: A sink that can be used for path injection in a file system access, such as in calls to **fs.readFile**.
 - **sql-injection**: A sink that can be used for SQL injection, such as in a MySQL **query** call.
 - **nosql-injection**: A sink that can be used for NoSQL injection, such as in a MongoDB **findOne** call.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
@@ -49,6 +49,6 @@ module CommandInjection {
   }
 
   private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("command-line-injection").asSink() }
+    SinkFromModel() { this = ModelOutput::getASinkNode("command-injection").asSink() }
   }
 }
diff --git a/javascript/ql/test/library-tests/DataExtensions/execa.model.yml b/javascript/ql/test/library-tests/DataExtensions/execa.model.yml
@@ -6,5 +6,5 @@ extensions:
       - [
           "@example/execa",
           "Member[shell].Argument[0]",
-          "command-line-injection",
+          "command-injection",
         ]

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,6 @@ module CommandInjection {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`private class SinkFromModel extends Sink {`
`52`		`- SinkFromModel() { this = ModelOutput::getASinkNode("command-line-injection").asSink() }`
	`52`	`+ SinkFromModel() { this = ModelOutput::getASinkNode("command-injection").asSink() }`
`53`	`53`	`}`
`54`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,5 +6,5 @@ extensions:`
`6`	`6`	`- [`
`7`	`7`	`"@example/execa",`
`8`	`8`	`"Member[shell].Argument[0]",`
`9`		`- "command-line-injection",`
	`9`	`+ "command-injection",`
`10`	`10`	`]`