Merge pull request #13 from Contrast-Security-OSS/NODE-637-chained-commands-sink

add semantic chained commands protect rule sink

Author: pmcclory-contrast

lib/routes.js

@@ -9,6 +9,14 @@ module.exports = {
     inputs: ['query', 'cookies'],
     sinks: sinks.cmdInjection
   },
+  cmdInjectionSemanticChainedCommands: {
+    base: '/cmdInjectionSemanticChainedCommands',
+    name: 'Command Injection Semantic Chained Commands',
+    link: 'https://www.owasp.org/index.php/Command_Injection',
+    products: ['Protect'],
+    inputs: ['query'],
+    sinks: sinks.cmdInjectionSemanticChainedCommands
+  },
   nosqlInjection: {
     base: '/nosqlInjection',
     name: 'NoSQL Injection',

lib/sinks/cmdInjectionSemanticChainedCommands.js

@@ -0,0 +1,27 @@
+'use strict';
+const cp = require('child_process');
+
+const pre = (str) => `<pre>${str}</pre>`;
+
+/**
+ * @param {string} input user input string
+ * @param {Object} opts
+ * @param {boolean=} opts.safe are we calling the sink safely?
+ * @param {boolean=} opts.noop are we calling the sink as a noop?
+ */
+module.exports['child_process.exec'] = async function exec(
+  input,
+  { safe = false, noop = false } = {}
+) {
+  if (safe) return 'SAFE';
+  if (noop) return 'NOOP';
+
+  return new Promise((resolve) => {
+    cp.exec('ls ; ps', (err, data) => {
+      if (err) {
+        console.log(`exec failed on 'ls ; ps', err: ${err.message}`);
+      }
+      resolve(pre(data.toString()));
+    });
+  });
+};

lib/sinks/index.js

@@ -4,6 +4,7 @@ module.exports = {
   nosqlInjection: require('./nosqlInjection'),
   sqlInjection: require('./sqlInjection'),
   cmdInjection: require('./cmdInjection'),
+  cmdInjectionSemanticChainedCommands: require('./cmdInjectionSemanticChainedCommands'),
   pathTraversal: require('./pathTraversal'),
   ssjs: require('./ssjs'),
   ssrf: require('./ssrf'),