
Commit 9b194ea

committed
Added addHook to RouteSetup so that it is now recognized as a route handler
1 parent c175081 commit 9b194ea

4 files changed

+181
-21
lines changed

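--- a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
@@ -138,7 +138,7 @@ module Fastify {
 
 RouteSetup() {
 this = server(server).getAMethodCall(methodName) and
-methodName = ["route", "get", "head", "post", "put", "delete", "options", "patch"]
+methodName = ["route", "get", "head", "post", "put", "delete", "options", "patch", "addHook"]
 }
 
 override DataFlow::SourceNode getARouteHandler() {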
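Review bot: Adding `"addHook"` to the `methodName` list in `RouteSetup()` makes every `addHook` registration a route setup, regardless of which hook name is passed as the first argument. Fastify's application-level hooks (`onReady`, `onClose`, `onRoute`, `onRegister`) do not receive a request/reply pair, so if `getARouteHandler()` (whose body lies outside this hunk) feeds their callback parameters into the request-source model, the first parameter would presumably be treated as user-controlled and could produce false-positive taint sources. Consider constraining the call by hook name, for example with an extra conjunct such as `(methodName != "addHook" or this.getArgument(0).getStringValue() = ["onRequest", "preHandler", "onSend"])` extended to the full request-lifecycle list. Note also that `onSend`, `onError` and `onRequestAbort` callbacks have different parameter shapes from ordinary route handlers. The updated `.expected` files only exercise request-lifecycle hooks, so a negative test case for an application hook would pin the intended behaviour.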

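--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
@@ -27,6 +27,26 @@
 | express.js:20:34:20:38 | taint | express.js:19:17:19:35 | req.param("wobble") | express.js:20:34:20:38 | taint | This code execution depends on a $@. | express.js:19:17:19:35 | req.param("wobble") | user-provided value |
 | express.js:36:15:36:19 | taint | express.js:27:17:27:35 | req.param("wobble") | express.js:36:15:36:19 | taint | This code execution depends on a $@. | express.js:27:17:27:35 | req.param("wobble") | user-provided value |
 | express.js:43:10:43:12 | msg | express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | This code execution depends on a $@. | express.js:42:30:42:32 | msg | user-provided value |
+| fastify.js:5:44:5:52 | userInput | fastify.js:4:21:4:33 | request.query | fastify.js:5:44:5:52 | userInput | This code execution depends on a $@. | fastify.js:4:21:4:33 | request.query | user-provided value |
+| fastify.js:5:44:5:52 | userInput | fastify.js:4:21:4:43 | request ... Request | fastify.js:5:44:5:52 | userInput | This code execution depends on a $@. | fastify.js:4:21:4:43 | request ... Request | user-provided value |
+| fastify.js:10:44:10:52 | userInput | fastify.js:9:21:9:33 | request.query | fastify.js:10:44:10:52 | userInput | This code execution depends on a $@. | fastify.js:9:21:9:33 | request.query | user-provided value |
+| fastify.js:10:44:10:52 | userInput | fastify.js:9:21:9:40 | request.query.onSend | fastify.js:10:44:10:52 | userInput | This code execution depends on a $@. | fastify.js:9:21:9:40 | request.query.onSend | user-provided value |
+| fastify.js:16:44:16:52 | userInput | fastify.js:15:21:15:33 | request.query | fastify.js:16:44:16:52 | userInput | This code execution depends on a $@. | fastify.js:15:21:15:33 | request.query | user-provided value |
+| fastify.js:16:44:16:52 | userInput | fastify.js:15:21:15:44 | request ... Parsing | fastify.js:16:44:16:52 | userInput | This code execution depends on a $@. | fastify.js:15:21:15:44 | request ... Parsing | user-provided value |
+| fastify.js:22:44:22:52 | userInput | fastify.js:21:21:21:33 | request.query | fastify.js:22:44:22:52 | userInput | This code execution depends on a $@. | fastify.js:21:21:21:33 | request.query | user-provided value |
+| fastify.js:22:44:22:52 | userInput | fastify.js:21:21:21:47 | request ... idation | fastify.js:22:44:22:52 | userInput | This code execution depends on a $@. | fastify.js:21:21:21:47 | request ... idation | user-provided value |
+| fastify.js:27:44:27:52 | userInput | fastify.js:26:21:26:33 | request.query | fastify.js:27:44:27:52 | userInput | This code execution depends on a $@. | fastify.js:26:21:26:33 | request.query | user-provided value |
+| fastify.js:27:44:27:52 | userInput | fastify.js:26:21:26:44 | request ... Handler | fastify.js:27:44:27:52 | userInput | This code execution depends on a $@. | fastify.js:26:21:26:44 | request ... Handler | user-provided value |
+| fastify.js:32:44:32:52 | userInput | fastify.js:31:21:31:33 | request.query | fastify.js:32:44:32:52 | userInput | This code execution depends on a $@. | fastify.js:31:21:31:33 | request.query | user-provided value |
+| fastify.js:32:44:32:52 | userInput | fastify.js:31:21:31:50 | request ... ization | fastify.js:32:44:32:52 | userInput | This code execution depends on a $@. | fastify.js:31:21:31:50 | request ... ization | user-provided value |
+| fastify.js:38:44:38:52 | userInput | fastify.js:37:21:37:33 | request.query | fastify.js:38:44:38:52 | userInput | This code execution depends on a $@. | fastify.js:37:21:37:33 | request.query | user-provided value |
+| fastify.js:38:44:38:52 | userInput | fastify.js:37:21:37:44 | request ... esponse | fastify.js:38:44:38:52 | userInput | This code execution depends on a $@. | fastify.js:37:21:37:44 | request ... esponse | user-provided value |
+| fastify.js:43:44:43:52 | userInput | fastify.js:42:21:42:33 | request.query | fastify.js:43:44:43:52 | userInput | This code execution depends on a $@. | fastify.js:42:21:42:33 | request.query | user-provided value |
+| fastify.js:43:44:43:52 | userInput | fastify.js:42:21:42:41 | request ... onError | fastify.js:43:44:43:52 | userInput | This code execution depends on a $@. | fastify.js:42:21:42:41 | request ... onError | user-provided value |
+| fastify.js:48:44:48:52 | userInput | fastify.js:47:21:47:33 | request.query | fastify.js:48:44:48:52 | userInput | This code execution depends on a $@. | fastify.js:47:21:47:33 | request.query | user-provided value |
+| fastify.js:48:44:48:52 | userInput | fastify.js:47:21:47:43 | request ... Timeout | fastify.js:48:44:48:52 | userInput | This code execution depends on a $@. | fastify.js:47:21:47:43 | request ... Timeout | user-provided value |
+| fastify.js:53:46:53:54 | userInput | fastify.js:52:23:52:35 | request.query | fastify.js:53:46:53:54 | userInput | This code execution depends on a $@. | fastify.js:52:23:52:35 | request.query | user-provided value |
+| fastify.js:53:46:53:54 | userInput | fastify.js:52:23:52:50 | request ... stAbort | fastify.js:53:46:53:54 | userInput | This code execution depends on a $@. | fastify.js:52:23:52:50 | request ... stAbort | user-provided value |
 | fastify.js:58:44:58:52 | userInput | fastify.js:57:21:57:33 | request.query | fastify.js:58:44:58:52 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:33 | request.query | user-provided value |
 | fastify.js:58:44:58:52 | userInput | fastify.js:57:21:57:39 | request.query.input | fastify.js:58:44:58:52 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:39 | request.query.input | user-provided value |
 | fastify.js:59:23:59:31 | userInput | fastify.js:57:21:57:33 | request.query | fastify.js:59:23:59:31 | userInput | This code execution depends on a $@. | fastify.js:57:21:57:33 | request.query | user-provided value |
@@ -79,6 +99,36 @@ edges
 | express.js:27:9:27:35 | taint | express.js:36:15:36:19 | taint | provenance | |
 | express.js:27:17:27:35 | req.param("wobble") | express.js:27:9:27:35 | taint | provenance | |
 | express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | provenance | |
+| fastify.js:4:9:4:43 | userInput | fastify.js:5:44:5:52 | userInput | provenance | |
+| fastify.js:4:21:4:33 | request.query | fastify.js:4:9:4:43 | userInput | provenance | |
+| fastify.js:4:21:4:43 | request ... Request | fastify.js:4:9:4:43 | userInput | provenance | |
+| fastify.js:9:9:9:40 | userInput | fastify.js:10:44:10:52 | userInput | provenance | |
+| fastify.js:9:21:9:33 | request.query | fastify.js:9:9:9:40 | userInput | provenance | |
+| fastify.js:9:21:9:40 | request.query.onSend | fastify.js:9:9:9:40 | userInput | provenance | |
+| fastify.js:15:9:15:44 | userInput | fastify.js:16:44:16:52 | userInput | provenance | |
+| fastify.js:15:21:15:33 | request.query | fastify.js:15:9:15:44 | userInput | provenance | |
+| fastify.js:15:21:15:44 | request ... Parsing | fastify.js:15:9:15:44 | userInput | provenance | |
+| fastify.js:21:9:21:47 | userInput | fastify.js:22:44:22:52 | userInput | provenance | |
+| fastify.js:21:21:21:33 | request.query | fastify.js:21:9:21:47 | userInput | provenance | |
+| fastify.js:21:21:21:47 | request ... idation | fastify.js:21:9:21:47 | userInput | provenance | |
+| fastify.js:26:9:26:44 | userInput | fastify.js:27:44:27:52 | userInput | provenance | |
+| fastify.js:26:21:26:33 | request.query | fastify.js:26:9:26:44 | userInput | provenance | |
+| fastify.js:26:21:26:44 | request ... Handler | fastify.js:26:9:26:44 | userInput | provenance | |
+| fastify.js:31:9:31:50 | userInput | fastify.js:32:44:32:52 | userInput | provenance | |
+| fastify.js:31:21:31:33 | request.query | fastify.js:31:9:31:50 | userInput | provenance | |
+| fastify.js:31:21:31:50 | request ... ization | fastify.js:31:9:31:50 | userInput | provenance | |
+| fastify.js:37:9:37:44 | userInput | fastify.js:38:44:38:52 | userInput | provenance | |
+| fastify.js:37:21:37:33 | request.query | fastify.js:37:9:37:44 | userInput | provenance | |
+| fastify.js:37:21:37:44 | request ... esponse | fastify.js:37:9:37:44 | userInput | provenance | |
+| fastify.js:42:9:42:41 | userInput | fastify.js:43:44:43:52 | userInput | provenance | |
+| fastify.js:42:21:42:33 | request.query | fastify.js:42:9:42:41 | userInput | provenance | |
+| fastify.js:42:21:42:41 | request ... onError | fastify.js:42:9:42:41 | userInput | provenance | |
+| fastify.js:47:9:47:43 | userInput | fastify.js:48:44:48:52 | userInput | provenance | |
+| fastify.js:47:21:47:33 | request.query | fastify.js:47:9:47:43 | userInput | provenance | |
+| fastify.js:47:21:47:43 | request ... Timeout | fastify.js:47:9:47:43 | userInput | provenance | |
+| fastify.js:52:11:52:50 | userInput | fastify.js:53:46:53:54 | userInput | provenance | |
+| fastify.js:52:23:52:35 | request.query | fastify.js:52:11:52:50 | userInput | provenance | |
+| fastify.js:52:23:52:50 | request ... stAbort | fastify.js:52:11:52:50 | userInput | provenance | |
 | fastify.js:57:9:57:39 | userInput | fastify.js:58:44:58:52 | userInput | provenance | |
 | fastify.js:57:9:57:39 | userInput | fastify.js:59:23:59:31 | userInput | provenance | |
 | fastify.js:57:21:57:33 | request.query | fastify.js:57:9:57:39 | userInput | provenance | |
@@ -152,6 +202,46 @@ nodes
 | express.js:36:15:36:19 | taint | semmle.label | taint |
 | express.js:42:30:42:32 | msg | semmle.label | msg |
 | express.js:43:10:43:12 | msg | semmle.label | msg |
+| fastify.js:4:9:4:43 | userInput | semmle.label | userInput |
+| fastify.js:4:21:4:33 | request.query | semmle.label | request.query |
+| fastify.js:4:21:4:43 | request ... Request | semmle.label | request ... Request |
+| fastify.js:5:44:5:52 | userInput | semmle.label | userInput |
+| fastify.js:9:9:9:40 | userInput | semmle.label | userInput |
+| fastify.js:9:21:9:33 | request.query | semmle.label | request.query |
+| fastify.js:9:21:9:40 | request.query.onSend | semmle.label | request.query.onSend |
+| fastify.js:10:44:10:52 | userInput | semmle.label | userInput |
+| fastify.js:15:9:15:44 | userInput | semmle.label | userInput |
+| fastify.js:15:21:15:33 | request.query | semmle.label | request.query |
+| fastify.js:15:21:15:44 | request ... Parsing | semmle.label | request ... Parsing |
+| fastify.js:16:44:16:52 | userInput | semmle.label | userInput |
+| fastify.js:21:9:21:47 | userInput | semmle.label | userInput |
+| fastify.js:21:21:21:33 | request.query | semmle.label | request.query |
+| fastify.js:21:21:21:47 | request ... idation | semmle.label | request ... idation |
+| fastify.js:22:44:22:52 | userInput | semmle.label | userInput |
+| fastify.js:26:9:26:44 | userInput | semmle.label | userInput |
+| fastify.js:26:21:26:33 | request.query | semmle.label | request.query |
+| fastify.js:26:21:26:44 | request ... Handler | semmle.label | request ... Handler |
+| fastify.js:27:44:27:52 | userInput | semmle.label | userInput |
+| fastify.js:31:9:31:50 | userInput | semmle.label | userInput |
+| fastify.js:31:21:31:33 | request.query | semmle.label | request.query |
+| fastify.js:31:21:31:50 | request ... ization | semmle.label | request ... ization |
+| fastify.js:32:44:32:52 | userInput | semmle.label | userInput |
+| fastify.js:37:9:37:44 | userInput | semmle.label | userInput |
+| fastify.js:37:21:37:33 | request.query | semmle.label | request.query |
+| fastify.js:37:21:37:44 | request ... esponse | semmle.label | request ... esponse |
+| fastify.js:38:44:38:52 | userInput | semmle.label | userInput |
+| fastify.js:42:9:42:41 | userInput | semmle.label | userInput |
+| fastify.js:42:21:42:33 | request.query | semmle.label | request.query |
+| fastify.js:42:21:42:41 | request ... onError | semmle.label | request ... onError |
+| fastify.js:43:44:43:52 | userInput | semmle.label | userInput |
+| fastify.js:47:9:47:43 | userInput | semmle.label | userInput |
+| fastify.js:47:21:47:33 | request.query | semmle.label | request.query |
+| fastify.js:47:21:47:43 | request ... Timeout | semmle.label | request ... Timeout |
+| fastify.js:48:44:48:52 | userInput | semmle.label | userInput |
+| fastify.js:52:11:52:50 | userInput | semmle.label | userInput |
+| fastify.js:52:23:52:35 | request.query | semmle.label | request.query |
+| fastify.js:52:23:52:50 | request ... stAbort | semmle.label | request ... stAbort |
+| fastify.js:53:46:53:54 | userInput | semmle.label | userInput |
 | fastify.js:57:9:57:39 | userInput | semmle.label | userInput |
 | fastify.js:57:21:57:33 | request.query | semmle.label | request.query |
 | fastify.js:57:21:57:39 | request.query.input | semmle.label | request.query.input |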

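--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
@@ -11,6 +11,36 @@ edges
 | express.js:27:9:27:35 | taint | express.js:36:15:36:19 | taint | provenance | |
 | express.js:27:17:27:35 | req.param("wobble") | express.js:27:9:27:35 | taint | provenance | |
 | express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | provenance | |
+| fastify.js:4:9:4:43 | userInput | fastify.js:5:44:5:52 | userInput | provenance | |
+| fastify.js:4:21:4:33 | request.query | fastify.js:4:9:4:43 | userInput | provenance | |
+| fastify.js:4:21:4:43 | request ... Request | fastify.js:4:9:4:43 | userInput | provenance | |
+| fastify.js:9:9:9:40 | userInput | fastify.js:10:44:10:52 | userInput | provenance | |
+| fastify.js:9:21:9:33 | request.query | fastify.js:9:9:9:40 | userInput | provenance | |
+| fastify.js:9:21:9:40 | request.query.onSend | fastify.js:9:9:9:40 | userInput | provenance | |
+| fastify.js:15:9:15:44 | userInput | fastify.js:16:44:16:52 | userInput | provenance | |
+| fastify.js:15:21:15:33 | request.query | fastify.js:15:9:15:44 | userInput | provenance | |
+| fastify.js:15:21:15:44 | request ... Parsing | fastify.js:15:9:15:44 | userInput | provenance | |
+| fastify.js:21:9:21:47 | userInput | fastify.js:22:44:22:52 | userInput | provenance | |
+| fastify.js:21:21:21:33 | request.query | fastify.js:21:9:21:47 | userInput | provenance | |
+| fastify.js:21:21:21:47 | request ... idation | fastify.js:21:9:21:47 | userInput | provenance | |
+| fastify.js:26:9:26:44 | userInput | fastify.js:27:44:27:52 | userInput | provenance | |
+| fastify.js:26:21:26:33 | request.query | fastify.js:26:9:26:44 | userInput | provenance | |
+| fastify.js:26:21:26:44 | request ... Handler | fastify.js:26:9:26:44 | userInput | provenance | |
+| fastify.js:31:9:31:50 | userInput | fastify.js:32:44:32:52 | userInput | provenance | |
+| fastify.js:31:21:31:33 | request.query | fastify.js:31:9:31:50 | userInput | provenance | |
+| fastify.js:31:21:31:50 | request ... ization | fastify.js:31:9:31:50 | userInput | provenance | |
+| fastify.js:37:9:37:44 | userInput | fastify.js:38:44:38:52 | userInput | provenance | |
+| fastify.js:37:21:37:33 | request.query | fastify.js:37:9:37:44 | userInput | provenance | |
+| fastify.js:37:21:37:44 | request ... esponse | fastify.js:37:9:37:44 | userInput | provenance | |
+| fastify.js:42:9:42:41 | userInput | fastify.js:43:44:43:52 | userInput | provenance | |
+| fastify.js:42:21:42:33 | request.query | fastify.js:42:9:42:41 | userInput | provenance | |
+| fastify.js:42:21:42:41 | request ... onError | fastify.js:42:9:42:41 | userInput | provenance | |
+| fastify.js:47:9:47:43 | userInput | fastify.js:48:44:48:52 | userInput | provenance | |
+| fastify.js:47:21:47:33 | request.query | fastify.js:47:9:47:43 | userInput | provenance | |
+| fastify.js:47:21:47:43 | request ... Timeout | fastify.js:47:9:47:43 | userInput | provenance | |
+| fastify.js:52:11:52:50 | userInput | fastify.js:53:46:53:54 | userInput | provenance | |
+| fastify.js:52:23:52:35 | request.query | fastify.js:52:11:52:50 | userInput | provenance | |
+| fastify.js:52:23:52:50 | request ... stAbort | fastify.js:52:11:52:50 | userInput | provenance | |
 | fastify.js:57:9:57:39 | userInput | fastify.js:58:44:58:52 | userInput | provenance | |
 | fastify.js:57:9:57:39 | userInput | fastify.js:59:23:59:31 | userInput | provenance | |
 | fastify.js:57:21:57:33 | request.query | fastify.js:57:9:57:39 | userInput | provenance | |
@@ -86,6 +116,46 @@ nodes
 | express.js:36:15:36:19 | taint | semmle.label | taint |
 | express.js:42:30:42:32 | msg | semmle.label | msg |
 | express.js:43:10:43:12 | msg | semmle.label | msg |
+| fastify.js:4:9:4:43 | userInput | semmle.label | userInput |
+| fastify.js:4:21:4:33 | request.query | semmle.label | request.query |
+| fastify.js:4:21:4:43 | request ... Request | semmle.label | request ... Request |
+| fastify.js:5:44:5:52 | userInput | semmle.label | userInput |
+| fastify.js:9:9:9:40 | userInput | semmle.label | userInput |
+| fastify.js:9:21:9:33 | request.query | semmle.label | request.query |
+| fastify.js:9:21:9:40 | request.query.onSend | semmle.label | request.query.onSend |
+| fastify.js:10:44:10:52 | userInput | semmle.label | userInput |
+| fastify.js:15:9:15:44 | userInput | semmle.label | userInput |
+| fastify.js:15:21:15:33 | request.query | semmle.label | request.query |
+| fastify.js:15:21:15:44 | request ... Parsing | semmle.label | request ... Parsing |
+| fastify.js:16:44:16:52 | userInput | semmle.label | userInput |
+| fastify.js:21:9:21:47 | userInput | semmle.label | userInput |
+| fastify.js:21:21:21:33 | request.query | semmle.label | request.query |
+| fastify.js:21:21:21:47 | request ... idation | semmle.label | request ... idation |
+| fastify.js:22:44:22:52 | userInput | semmle.label | userInput |
+| fastify.js:26:9:26:44 | userInput | semmle.label | userInput |
+| fastify.js:26:21:26:33 | request.query | semmle.label | request.query |
+| fastify.js:26:21:26:44 | request ... Handler | semmle.label | request ... Handler |
+| fastify.js:27:44:27:52 | userInput | semmle.label | userInput |
+| fastify.js:31:9:31:50 | userInput | semmle.label | userInput |
+| fastify.js:31:21:31:33 | request.query | semmle.label | request.query |
+| fastify.js:31:21:31:50 | request ... ization | semmle.label | request ... ization |
+| fastify.js:32:44:32:52 | userInput | semmle.label | userInput |
+| fastify.js:37:9:37:44 | userInput | semmle.label | userInput |
+| fastify.js:37:21:37:33 | request.query | semmle.label | request.query |
+| fastify.js:37:21:37:44 | request ... esponse | semmle.label | request ... esponse |
+| fastify.js:38:44:38:52 | userInput | semmle.label | userInput |
+| fastify.js:42:9:42:41 | userInput | semmle.label | userInput |
+| fastify.js:42:21:42:33 | request.query | semmle.label | request.query |
+| fastify.js:42:21:42:41 | request ... onError | semmle.label | request ... onError |
+| fastify.js:43:44:43:52 | userInput | semmle.label | userInput |
+| fastify.js:47:9:47:43 | userInput | semmle.label | userInput |
+| fastify.js:47:21:47:33 | request.query | semmle.label | request.query |
+| fastify.js:47:21:47:43 | request ... Timeout | semmle.label | request ... Timeout |
+| fastify.js:48:44:48:52 | userInput | semmle.label | userInput |
+| fastify.js:52:11:52:50 | userInput | semmle.label | userInput |
+| fastify.js:52:23:52:35 | request.query | semmle.label | request.query |
+| fastify.js:52:23:52:50 | request ... stAbort | semmle.label | request ... stAbort |
+| fastify.js:53:46:53:54 | userInput | semmle.label | userInput |
 | fastify.js:57:9:57:39 | userInput | semmle.label | userInput |
 | fastify.js:57:21:57:33 | request.query | semmle.label | request.query |
 | fastify.js:57:21:57:39 | request.query.input | semmle.label | request.query.input |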
