JS: Add EmailClients lib

Author: asger-semmle

javascript/ql/src/javascript.qll

@@ -13,6 +13,7 @@ import semmle.javascript.Constants
 import semmle.javascript.DataFlow
 import semmle.javascript.DefUse
 import semmle.javascript.DOM
+import semmle.javascript.EmailClients
 import semmle.javascript.Errors
 import semmle.javascript.ES2015Modules
 import semmle.javascript.Expr

javascript/ql/src/semmle/javascript/EmailClients.qll

@@ -0,0 +1,68 @@
+import javascript
+
+/**
+ * An operation that sends an email.
+ */
+abstract class EmailSender extends DataFlow::DefaultSourceNode {
+  /**
+   * Gets a data flow node holding the plaintext version of the email body.
+   */
+  abstract DataFlow::Node getPlainTextBody();
+
+  /**
+   * Gets a data flow node holding the HTML body of the email.
+   */
+  abstract DataFlow::Node getHtmlBody();
+
+  /**
+   * Gets a data flow node holding the address of the email recipient(s).
+   */
+  abstract DataFlow::Node getTo();
+
+  /**
+   * Gets a data flow node holding the address of the email sender.
+   */
+  abstract DataFlow::Node getFrom();
+
+  /**
+   * Gets a data flow node holding the email subject.
+   */
+  abstract DataFlow::Node getSubject();
+
+  /**
+   * Gets a data flow node that refers to the HTML body or plaintext body of the email.
+   */
+  DataFlow::Node getABody() {
+    result = getPlainTextBody() or
+    result = getHtmlBody()
+  }
+}
+
+/**
+ * An email-sending call based on the `nodemailer` package.
+ */
+private class NodemailerEmailSender extends EmailSender, DataFlow::MethodCallNode {
+  NodemailerEmailSender() {
+    this = DataFlow::moduleMember("nodemailer", "createTransport").getACall().getAMethodCall("sendMail")
+  }
+
+  override DataFlow::Node getPlainTextBody() {
+    result = getOptionArgument(0, "text")
+  }
+
+  override DataFlow::Node getHtmlBody() {
+    result = getOptionArgument(0, "html")
+  }
+
+  override DataFlow::Node getTo() {
+    result = getOptionArgument(0, "to")
+   }
+
+  override DataFlow::Node getFrom() {
+    result = getOptionArgument(0, "from")
+   }
+
+  override DataFlow::Node getSubject() {
+    result = getOptionArgument(0, "subject")
+  }
+}

javascript/ql/test/library-tests/EmailClients/EmailClients.expected

@@ -0,0 +1 @@
+| tst.js:17:2:19:3 | transpo ... ');\\n\\t}) | tst.js:11:12:11:31 | 'sender@example.com' | tst.js:12:10:12:55 | 'receiv ... le.com' | tst.js:13:15:13:28 | 'Some subject' | tst.js:14:12:14:15 | 'Hi' | tst.js:15:12:15:22 | '<b>Hi</b>' |

javascript/ql/test/library-tests/EmailClients/EmailClients.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from EmailSender send
+select send, send.getFrom(), send.getTo(), send.getSubject(), send.getPlainTextBody(), send.getHtmlBody()

javascript/ql/test/library-tests/EmailClients/tst.js

@@ -0,0 +1,20 @@
+let nodemailer = require('nodemailer');
+let config = require('./account-config');
+
+function sendMessage() {
+	let transporter = nodemailer.createTransport({
+	    host: config.host,
+	    port: config.host,
+	    auth: config.auth
+	});
+	let mailOptions = {
+	    from: 'sender@example.com',
+	    to: 'receiver1@example.com, receiver2@example.com',
+	    subject: 'Some subject',
+	    text: 'Hi',
+	    html: '<b>Hi</b>'
+	};
+	transporter.sendMail(mailOptions, (error, info) => {
+	    console.log('Message sent');
+	});
+}