recognize more exported functions in js/shell-command-constructed-from-input

erik-krogh · erik-krogh · commit 4ef569fbbe9e · 2020-12-21T13:50:22.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
@@ -53,7 +53,7 @@ module UnsafeShellCommandConstruction {
     ExternalInputSource() {
       this =
         Exports::getAValueExportedBy(Exports::getTopmostPackageJSON())
-            .(DataFlow::FunctionNode)
+            .getAFunctionValue()
             .getAParameter() and
       not this.getName() = ["cmd", "command"] // looks to be on purpose.
     }

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ module UnsafeShellCommandConstruction {`
`53`	`53`	`ExternalInputSource() {`
`54`	`54`	`this =`
`55`	`55`	`Exports::getAValueExportedBy(Exports::getTopmostPackageJSON())`
`56`		`- .(DataFlow::FunctionNode)`
	`56`	`+ .getAFunctionValue()`
`57`	`57`	`.getAParameter() and`
`58`	`58`	`not this.getName() = ["cmd", "command"] // looks to be on purpose.`
`59`	`59`	`}`