JS: add models of five file system libraries

Esben Sparre Andreasen · Esben Sparre Andreasen · commit 444a09a17c40 · 2018-09-14T15:30:44.000+02:00
diff --git a/javascript/ql/src/javascript.qll b/javascript/ql/src/javascript.qll
@@ -59,6 +59,7 @@ import semmle.javascript.frameworks.Credentials
 import semmle.javascript.frameworks.CryptoLibraries
 import semmle.javascript.frameworks.DigitalOcean
 import semmle.javascript.frameworks.Electron
+import semmle.javascript.frameworks.Files
 import semmle.javascript.frameworks.jQuery
 import semmle.javascript.frameworks.LodashUnderscore
 import semmle.javascript.frameworks.Logging
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Files.qll b/javascript/ql/src/semmle/javascript/frameworks/Files.qll
@@ -0,0 +1,103 @@
+/**
+ * Provides classes for working with file system libraries.
+ */
+
+import javascript
+
+/**
+ * A file name from the `walk-sync` library.
+ */
+private class WalkSyncFileNameSource extends FileNameSource {
+
+  WalkSyncFileNameSource() {
+    // `require('walkSync')()`
+    this = DataFlow::moduleImport("walkSync").getACall()
+  }
+
+}
+
+/**
+ * A file name or an array of file names from the `walk` library.
+ */
+private class WalkFileNameSource extends FileNameSource {
+
+  WalkFileNameSource() {
+    // `stats.name` in `require('walk').walk(_).on(_,  (_, stats) => stats.name)`
+    exists (DataFlow::FunctionNode callback |
+      callback = DataFlow::moduleMember("walk", "walk").getACall().getAMethodCall("on").getCallback(1) |
+      this = callback.getParameter(1).getAPropertyRead("name")
+    )
+  }
+
+}
+
+/**
+ * A file name or an array of file names from the `glob` library.
+ */
+private class GlobFileNameSource extends FileNameSource {
+
+  GlobFileNameSource() {
+    exists (string moduleName |
+      moduleName = "glob" |
+      // `require('glob').sync(_)`
+      this = DataFlow::moduleMember(moduleName, "sync").getACall()
+      or
+      // `name` in `require('glob')(_, (e, name) => ...)`
+      this = DataFlow::moduleImport(moduleName).getACall().getCallback([1..2]).getParameter(1)
+      or
+      exists (DataFlow::NewNode instance |
+        instance = DataFlow::moduleMember(moduleName, "Glob").getAnInstantiation() |
+        // `name` in `new require('glob').Glob(_, (e, name) => ...)`
+        this = instance.getCallback([1..2]).getParameter(1) or
+        // `new require('glob').Glob(_).found`
+        this = instance.getAPropertyRead("found")
+      )
+    )
+  }
+
+}
+
+/**
+ * A file name or an array of file names from the `globby` library.
+ */
+private class GlobbyFileNameSource extends FileNameSource {
+
+  GlobbyFileNameSource() {
+    exists (string moduleName |
+      moduleName = "globby" |
+      // `require('globby').sync(_)`
+      this = DataFlow::moduleMember(moduleName, "sync").getACall()
+      or
+      // `files` in `require('globby')(_).then(files => ...)`
+      this = DataFlow::moduleImport(moduleName).getACall().getAMethodCall("then").getCallback(0).getParameter(0)
+    )
+  }
+
+}
+
+/**
+ * A file name or an array of file names from the `fast-glob` library.
+ */
+private class FastGlobFileNameSource extends FileNameSource {
+
+  FastGlobFileNameSource() {
+    exists (string moduleName |
+      moduleName = "fast-glob" |
+      // `require('fast-glob').sync(_)`
+      this = DataFlow::moduleMember(moduleName, "sync").getACall()
+      or
+      exists (DataFlow::SourceNode f |
+        f = DataFlow::moduleImport(moduleName)
+        or
+        f = DataFlow::moduleMember(moduleName, "async") |
+        // `files` in `require('fast-glob')(_).then(files => ...)` and
+        // `files` in `require('fast-glob').async(_).then(files => ...)`
+        this = f.getACall().getAMethodCall("then").getCallback(0).getParameter(0)
+      )
+      or
+      // `file` in `require('fast-glob').stream(_).on(_,  file => ...)`
+      this = DataFlow::moduleMember(moduleName, "stream").getACall().getAMethodCall("on").getCallback(1).getParameter(0)
+    )
+  }
+
+}
diff --git a/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.expected b/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.expected
@@ -0,0 +1,12 @@
+| tst-file-names.js:7:1:7:10 | walkSync() |
+| tst-file-names.js:9:35:9:44 | stats.name |
+| tst-file-names.js:11:1:11:12 | glob.sync(_) |
+| tst-file-names.js:13:13:13:16 | name |
+| tst-file-names.js:15:22:15:25 | name |
+| tst-file-names.js:17:1:17:22 | new glo ... ).found |
+| tst-file-names.js:19:1:19:14 | globby.sync(_) |
+| tst-file-names.js:21:16:21:20 | files |
+| tst-file-names.js:23:1:23:16 | fastGlob.sync(_) |
+| tst-file-names.js:25:18:25:22 | files |
+| tst-file-names.js:27:24:27:28 | files |
+| tst-file-names.js:29:27:29:30 | file |
diff --git a/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.ql b/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.ql
@@ -0,0 +1,3 @@
+import javascript
+
+select any(FileNameSource s)
diff --git a/javascript/ql/test/library-tests/frameworks/Concepts/tst-file-names.js b/javascript/ql/test/library-tests/frameworks/Concepts/tst-file-names.js
@@ -0,0 +1,29 @@
+let walkSync = require('walkSync'),
+    walk = require('walk'),
+    glob = require('glob'),
+    globby = require('globby'),
+    fastGlob = require('fast-glob');
+
+walkSync();
+
+walk.walk(_).on(_,  (_, stats) => stats.name); // XXX
+
+glob.sync(_);
+
+glob(_, (e, name) => name);
+
+new glob.Glob(_, (e, name) => name);
+
+new glob.Glob(_).found;
+
+globby.sync(_);
+
+globby(_).then(files => files)
+
+fastGlob.sync(_);
+
+fastGlob(_).then(files => files);
+
+fastGlob.async(_).then(files => files);
+
+fastGlob.stream(_).on(_,  file => file); // XXX

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+import javascript`
	`2`	`+`
	`3`	`+select any(FileNameSource s)`