diff --git a/rules/javascript/lang/non_literal_fs_filename.yml b/rules/javascript/lang/non_literal_fs_filename.yml
index f644ca121..67ff7d691 100644
--- a/rules/javascript/lang/non_literal_fs_filename.yml
+++ b/rules/javascript/lang/non_literal_fs_filename.yml
@@ -2,7 +2,7 @@ imports: - javascript_shared_import_library patterns: - pattern: | - $.$($<...>$$<...>) + $.$($$<...>) filters: - variable: FS detection: javascript_lang_non_literal_fs_filename_fs_init
@@ -14,10 +14,6 @@ patterns: - chmod - chown - close - - copyFile - - copyFile - - cp - - cp - createReadStream - createWriteStream - exists
@@ -31,28 +27,22 @@ patterns: - lchmod - lchown - lutimes - - link - - link - lstat - mkdir - mkdtemp - open + - openAsBlob - opendir - read - - read - readdir - readFile - readlink - readv - realpath - - realpath - - rename - - rename - rmdir - rm - stat - - symlink - - symlink + - statfs - truncate - unlink - unwatchFile
@@ -67,10 +57,6 @@ patterns: - chmodSync - chownSync - closeSync - - copyFileSync - - copyFileSync - - cpSync - - cpSync - existsSync - fchmodSync - fchownSync
@@ -82,8 +68,6 @@ patterns: - lchmodSync - lchownSync - lutimesSync - - linkSync - - linkSync - lstatSync - mkdirSync - mkdtempSync
@@ -93,17 +77,11 @@ patterns: - readFileSync - readlinkSync - readSync - - readSync - readvSync - - realpathync - realpathSync - - renameSync - - renameSync - rmdirSync - rmSync - statSync - - symlinkSync - - symlinkSync - truncateSync - unlinkSync - utimesSync
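Review bot: With the first hunk binding the inspected argument to the first position only (the pattern renders here as `$.$($$<...>)`; the `$<NAME>` variable tags appear to have been stripped by rendering), every entry whose first parameter is a file descriptor rather than a path can never satisfy `string_literal`, so each call to it fires as a non-literal filename no matter where the descriptor came from. That applies to `read`, `readv` and `close` kept as context in the third hunk, `fchmodSync`/`fchownSync` in the fourth, and `readSync`/`readvSync`/`closeSync` in the sixth. The behaviour predates this commit, but since the change is specifically about which argument counts as the filename, this is the natural place to drop the descriptor-based names or at least mark them, e.g. `# fd-based: first argument is a descriptor, never a literal path`. This is inferred from the Node method names; confirm against the rule's intent before removing entries.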
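Review bot: `statfs` is added to the async list in the third hunk (`+ - statfs` after `stat`), but the sixth hunk leaves the sync list running from `statSync` straight to `truncateSync`, so `fs.statfsSync(path)` with a non-literal path is not flagged while `fs.statfs(path)` is. Add `- statfsSync` after `- statSync` in that list. `openAsBlob` needs no sync counterpart, as Node exposes it only as a promise-returning function.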
@@ -114,6 +92,33 @@ patterns: variable: INPUT detection: string_literal scope: result + - pattern: | + $.$($, $$<...>) + filters: + - variable: FS + detection: javascript_lang_non_literal_fs_filename_fs_init + scope: cursor + - variable: METHOD + values: + - copyFile # copyFile(sourcePath, destPath) + - cp # cp(sourcePath, destPath) + - link # link(oldPath, newPath, ...) + - rename # rename(oldPath, newPath, ...) + - symlink # symlink(target, path) + - copyFileSync + - cpSync + - linkSync + - renameSync + - symlinkSync + - either: + - not: + variable: INPUT_1 + detection: string_literal + scope: result + - not: + variable: INPUT_2 + detection: string_literal + scope: result auxiliary: - id: javascript_lang_non_literal_fs_filename_fs_init patterns:
diff --git a/tests/javascript/lang/non_literal_fs_filename/testdata/app.js b/tests/javascript/lang/non_literal_fs_filename/testdata/app.js
index 6c6d22ae9..228feea02 100644
--- a/tests/javascript/lang/non_literal_fs_filename/testdata/app.js
+++ b/tests/javascript/lang/non_literal_fs_filename/testdata/app.js
@@ -11,6 +11,25 @@ export function bad(options) { } } +export function bad2(options) { + // bearer:expected javascript_lang_non_literal_fs_filename + Fs.copyFileSync(options.filePath, 'some-new-filepath.txt', 'utf8'); + + // bearer:expected javascript_lang_non_literal_fs_filename + Fs.symlink('some-filepath.txt', options.filePath, 'utf8'); + + // bearer:expected javascript_lang_non_literal_fs_filename + Fs.rename(options.filePath, options.newFilePath); +} + export function ok() { stdioTarget = Fs.createWriteStream('some-string-literal', 'utf8'); } + +export function ok2(data, encoding) { + stdioTarget = Fs.createWriteStream('some-string-literal', data, encoding); +} + +export function ok3(data) { + Fs.symlink('some-filepath.txt', 'some-other-filepath.txt', data.options); +}
\ No newline at end of file
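Review bot: The new fixtures exercise the two-path pattern but nothing covers the `statfs` and `openAsBlob` entries the rule hunks add, so a misspelling of either name would pass the suite; a `// bearer:expected javascript_lang_non_literal_fs_filename` line followed by `Fs.statfs(options.filePath);` in `bad2` would close that gap. In `bad2`, `'utf8'` is passed as the third argument of `Fs.copyFileSync`, which in Node's API is the numeric `mode` slot, so the fixture does not resemble real code — `Fs.constants.COPYFILE_EXCL`, or dropping the argument, reads better and keeps the flagged path in the first position. The file also loses its trailing newline (`\ No newline at end of file`). Whether the `fs/promises` forms of `rename`/`copyFile` are matched depends on the `javascript_lang_non_literal_fs_filename_fs_init` auxiliary, whose body is outside this diff, so a promise-API fixture may be worth adding as well.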