js - Detect sinks introduced through implicit globals #17889
Replies: 2 comments
-
Hi @DSimsek000, For all libraries, we rely on having models that summarise them. For It doesn't seem like this implementation deals with functions that Nonetheless, you can add your own, custom models which assume that e.g. a call to In particular, rather than using the existing |
Beta Was this translation helpful? Give feedback.
-
Thats a fair point. Thanks for your answer and suggestions! |
Beta Was this translation helpful? Give feedback.
-
I am trying to reproduce GHSA-m7p2-ghfh-pjvx and came up with the following query:
However, it does not find the path or any sinks.
Adding
to the beginning of aapts/index.js solves this.
It seems the issue is the missing sink definition for
shelljs/global
, which does not export any members but instead adds them to the global object https://github.com/shelljs/shelljs/blob/master/global.js#L4.Are there recommended strategies in CodeQL for detecting command sinks introduced through implicit globals, like those in shelljs/global?
Beta Was this translation helpful? Give feedback.
All reactions