promisification.js
const express = require('express');
const bodyParser = require('body-parser');
const cp = require('child_process');
// Express app for this fixture. bodyParser.json() fills req.body from the JSON
// request body, so req.body is request-controlled in every handler below.
// All handlers are registered on the same route (POST /eval) and none takes a
// `next` argument or sends a response; the file reads as input for static
// analysis rather than as a service to run.
const app = express();
app.use(bodyParser.json());
// Callback-style helper that the first /eval handler wraps with util.promisify.
// It forwards the `code` property of its argument to cp.exec, which runs the
// string through a shell, so a request-derived argument reaches a
// command-execution sink here. It declares and invokes no callback.
// NOTE(review): the MISSING marker presumably records that the analysis under
// test does not yet report this sink - confirm against the expected output.
function legacyEval(code) {
cp.exec(code.code); // $ MISSING: Alert
}
// Case: Node's util.promisify wrapped around a user-defined callback function.
// req.body is passed to the promisified legacyEval, which hands its `code`
// property to cp.exec. Both markers carry the MISSING tag, which presumably
// means this flow is not reported yet - confirm against the expected output.
app.post('/eval', async (req, res) => {
const { promisify } = require('util');
const evalAsync = promisify(legacyEval);
const code = req.body; // $ MISSING: Source
// The returned promise is neither awaited nor given a rejection handler.
evalAsync(code);
});
// Case: the 'util.promisify' package applied directly to cp.exec.
// req.body goes unmodified into the promisified exec as the command argument;
// there is no validation or allow-list between the request and the shell.
app.post('/eval', async (req, res) => {
const directPromisify = require('util.promisify');
const code = req.body; // $ Source
const promisifiedExec3 = directPromisify(cp.exec);
promisifiedExec3(code); // $ Alert
});
// Case: the export of 'util.promisify-all' applied to the whole child_process
// module; exec is then called as a method of the returned object with req.body.
// NOTE(review): both markers carry the MISSING tag - presumably this wrapper is
// not modelled yet; confirm against the expected output.
app.post('/eval', async (req, res) => {
const promisify2 = require('util.promisify-all');
const promisifiedCp = promisify2(cp);
const code = req.body; // $ MISSING: Source
promisifiedCp.exec(code); // $ MISSING: Alert
});
// Case: '@gar/promisify' used in two shapes with the same request-controlled
// value: wrapping the single function cp.exec, and wrapping the child_process
// module and calling exec on the result.
app.post('/eval', async (req, res) => {
var garPromisify = require("@gar/promisify");
const code = req.body; // $ MISSING: Source
// Shape 1: wrap one function.
const promisifiedExec = garPromisify(cp.exec);
promisifiedExec(code); // $ MISSING: Alert
// Shape 2: wrap the module object, then call a method on it.
const promisifiedCp = garPromisify(cp);
promisifiedCp.exec(code); // $ MISSING: Alert
});
// Case: 'util.promisify/shim' is invoked first, then promisify is taken from
// Node's own util module. req.body reaches cp.exec through the promisified
// function, both unbound and bound to cp.
// NOTE(review): the shim call presumably installs util.promisify where it is
// absent - confirm against the package documentation.
app.post('/eval', async (req, res) => {
require('util.promisify/shim')();
const util = require('util');
const code = req.body; // $ Source
const promisifiedExec = util.promisify(cp.exec);
promisifiedExec(code); // $ Alert
// Same sink reached through a bound copy of cp.exec.
const execAsync = util.promisify(cp.exec.bind(cp));
execAsync(code); // $ Alert
});
// Case: 'es6-promisify' in five shapes, all fed the same request-controlled
// value: plain wrap, bound wrap, wrap with an options object, promisifyAll on
// the module, and a wrapped arrow function that calls cp.exec itself.
// Every marker here carries the MISSING tag, which presumably means none of
// these flows is reported yet - confirm against the expected output.
app.post('/eval', async (req, res) => {
const es6Promisify = require("es6-promisify");
let cmd = req.body; // $ MISSING: Source
// Test basic promisification
const promisifiedExec = es6Promisify(cp.exec);
promisifiedExec(cmd); // $ MISSING: Alert
// Test with method binding
const execBoundAsync = es6Promisify(cp.exec.bind(cp));
execBoundAsync(cmd); // $ MISSING: Alert
// Test with an options object passed as the second argument
const promisifiedExecMulti = es6Promisify(cp.exec, {
multiArgs: true
});
promisifiedExecMulti(cmd); // $ MISSING: Alert
// Test promisifyAll on the module: the same value is used as the first
// argument of exec, execFile and spawn.
const promisifiedCp = es6Promisify.promisifyAll(cp);
promisifiedCp.exec(cmd); // $ MISSING: Alert
promisifiedCp.execFile(cmd); // $ MISSING: Alert
promisifiedCp.spawn(cmd); // $ MISSING: Alert
// Test a wrapped callback-style lambda: the sink is inside the wrapped
// function, so the tainted value arrives as its `code` parameter.
const lambda = es6Promisify((code, callback) => {
try {
// `result` is whatever cp.exec returns synchronously; the callback is
// invoked without waiting for the command to finish.
const result = cp.exec(code); // $ MISSING: Alert
callback(null, result);
} catch (err) {
callback(err);
}
});
lambda(cmd);
});
// Case: 'thenify-all' applied to child_process in three shapes: with an
// explicit method list, via withCallback, and with no method list. req.body is
// passed as the command argument in each call.
app.post('/eval', async (req, res) => {
var thenifyAll = require('thenify-all');
// Only 'exec' and 'execSync' are named in the method list.
var cpThenifyAll = thenifyAll(require('child_process'), {}, [
'exec',
'execSync',
]);
const code = req.body; // $ Source
cpThenifyAll.exec(code); // $ Alert
cpThenifyAll.execSync(code); // $ Alert
// execFile is not in the method list above; the marker below records that it
// is flagged anyway and that this is considered acceptable.
cpThenifyAll.execFile(code); // $ SPURIOUS: Alert - not promisified, as it is not listed in `thenifyAll`, but it should fine to flag it
// withCallback variant: exec is called with an explicit callback argument.
var cpThenifyAll1 = thenifyAll.withCallback(require('child_process'), {}, ['exec']);
cpThenifyAll1.exec(code, function (err, string) {}); // $ Alert
// No method list given.
var cpThenifyAll2 = thenifyAll(require('child_process'));
cpThenifyAll2.exec(code); // $ Alert
});
// Case: 'call-me-maybe'. The request-controlled value is wrapped in a promise,
// that promise is passed through maybe(null, ...), and the value is handed to
// cp.exec inside the .then callback. The taint therefore has to be followed
// through promise resolution as well as through the library call.
app.post('/eval', async (req, res) => {
const maybe = require('call-me-maybe');
const code = req.body; // $ MISSING: Source
// Returns a promise that resolves with its argument unchanged.
function createExecPromise(cmd) {
return new Promise((resolve) => {
resolve(cmd);
});
}
const cmdPromise = createExecPromise(code);
// null is passed in the callback position, so the result is consumed with .then.
maybe(null, cmdPromise).then(cmd => {
cp.exec(cmd); // $ MISSING: Alert
});
});
// Case: the 'util-promisify' package applied to cp.exec, unbound and bound to
// cp. req.body is the command argument in both calls.
// NOTE(review): all markers carry the MISSING tag - presumably this package is
// not modelled yet; confirm against the expected output.
app.post('/eval', async (req, res) => {
const utilPromisify = require('util-promisify');
const code = req.body; // $ MISSING: Source
const promisifiedExec = utilPromisify(cp.exec);
promisifiedExec(code); // $ MISSING: Alert
// Same sink reached through a bound copy of cp.exec.
const execAsync = utilPromisify(cp.exec.bind(cp));
execAsync(code); // $ MISSING: Alert
});
// Case: '@google-cloud/promisify'. `promisify` wraps cp.exec (unbound and
// bound); `promisifyAll` is applied to the child_process module, after which
// exec, execFile and spawn are called on it. req.body is the first argument of
// every call, with no validation in between.
app.post('/eval', async (req, res) => {
const {promisify, promisifyAll} = require('@google-cloud/promisify');
const code = req.body; // $ MISSING: Source
const promisifiedExec = promisify(cp.exec);
promisifiedExec(code); // $ MISSING: Alert
// Same sink reached through a bound copy of cp.exec.
const execAsync = promisify(cp.exec.bind(cp));
execAsync(code); // $ MISSING: Alert
// Module-level wrap: three process-spawning methods receive the same value.
const promisifiedCp = promisifyAll(cp);
promisifiedCp.exec(code); // $ MISSING: Alert
promisifiedCp.execFile(code); // $ MISSING: Alert
promisifiedCp.spawn(code); // $ MISSING: Alert
});