JS: Do simple modeling of process.stdin as threat-model source

RasmusWL · RasmusWL · commit eca8bf5a35ec · 2024-10-31T14:26:45.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.model.yml b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.model.yml
@@ -6,3 +6,5 @@ extensions:
       extensible: sourceModel
     data:
       - ['fs', 'Member[promises].Member[readFile].ReturnValue.Member[then].Argument[0].Parameter[0]', 'file']
+      - ['global', 'Member[process].Member[stdin].Member[read].ReturnValue', 'stdin']
+      - ['global', 'Member[process].Member[stdin].Member[on,addListener].WithStringArgument[0=data].Argument[1].Parameter[0]', 'stdin']
diff --git a/javascript/ql/test/library-tests/threat-models/sources/sources.js b/javascript/ql/test/library-tests/threat-models/sources/sources.js
@@ -94,12 +94,12 @@ rl_file.on("line", (line) => {
 // ------ reading from stdin ------
 
 // Accessing stdin using process.stdin
-process.stdin.on('data', (data) => { // $ MISSING: threat-source=stdin
-    SINK(data); // $ MISSING: hasFlow
+process.stdin.on('data', (data) => { // $ threat-source=stdin
+    SINK(data); // $ hasFlow
 });
 
-const stdin_line = process.stdin.read(); // $ MISSING: threat-source=stdin
-SINK(stdin_line); // $ MISSING: hasFlow
+const stdin_line = process.stdin.read(); // $ threat-source=stdin
+SINK(stdin_line); // $ hasFlow
 
 // Accessing stdin using readline
 const readline = require('readline');
