implement isShellInterpreted on ExecActionsCall

erik-krogh · erik-krogh · commit cbd7601a4125 · 2023-05-17T11:07:48.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll
@@ -78,5 +78,10 @@ private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode
 
   override DataFlow::Node getOptionsArg() { result = this.getArgument(2) }
 
+  override predicate isShellInterpreted(DataFlow::Node arg) {
+    arg = this.getACommandArgument() and
+    not this.getArgumentList().getALocalSource() instanceof DataFlow::ArrayCreationNode
+  }
+
   override predicate isSync() { none() }
 }

Original file line number	Diff line number	Diff line change
`@@ -78,5 +78,10 @@ private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode`
`78`	`78`
`79`	`79`	`override DataFlow::Node getOptionsArg() { result = this.getArgument(2) }`
`80`	`80`
	`81`	`+ override predicate isShellInterpreted(DataFlow::Node arg) {`
	`82`	`+ arg = this.getACommandArgument() and`
	`83`	`+ not this.getArgumentList().getALocalSource() instanceof DataFlow::ArrayCreationNode`
	`84`	`+ }`
	`85`	`+`
`81`	`86`	`override predicate isSync() { none() }`
`82`	`87`	`}`