updated sink location in path traversal

Dockerfile

@@ -25,8 +25,8 @@ RUN apt-get install -y zip
 RUN apt-get install -y psmisc
 RUN apt-get install -y yarn
 RUN apt-get install -y nano
-RUN apt-get install g++
-RUN apt-get install make
+RUN apt-get install -y g++
+RUN apt-get install -y make
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 RUN . ~/.bashrc

path-traversal/11xiaoli_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "dome.js:5:8"
 }

path-traversal/22lixian_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "demo.js:6:8"
 }

path-traversal/@vivaxy-here_3.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "3.2.2",
   "fixCommit": "https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2",
-  "sink": ""
+  "sink": "read-file.js:11:19"
 }

path-traversal/bitty_0.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:36:10"
 }

path-traversal/caihong_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/canvas-designer_1.2.1/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "server.js:36:8"
 }

path-traversal/caolilinode1_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "caolili.js:10:8"
 }

path-traversal/caolilinode_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "caolili.js:7:8"
 }

path-traversal/crud-file-server_0.7.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "0.9.0",
   "fixCommit": "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82",
-  "sink": ""
+  "sink": "crud-file-server.js:170:14"
 }

path-traversal/cuciuci_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:7:8"
 }

path-traversal/cuiaiguang_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:9:12"
 }

path-traversal/cxy_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/cypserver_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:10:8"
 }

path-traversal/datachannel-client_1.0.2/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "server.js:30:12"
 }

path-traversal/dcdcdcdcdc_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "node.js:9:8"
 }

path-traversal/dylmomo_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:14:8"
 }

path-traversal/execuator.js

@@ -1,48 +1,98 @@
-let oldreadFileSync = require("fs").readFile;
+let oldreadFileSync = require("fs").readFileSync;
+let oldreadFile = require("fs").readFile;
 const fs = require("fs");
 const output_file = "sink_locations_path_traversal.txt";
 
-require("fs").readFile = function () {
+require("fs").readFileSync = function () {
   var args = arguments;
   let stack = new Error().stack.toString().split("\n");
   // console.log(args[0]);
   try {
     // fs.writeFileSync('./aaaaaaaaaaaaaaaaaaaaaaa.txt', args.join('\n'));
-    fs.appendFileSync(output_file, stack.join("\n"));
-    let index = 0;
-    for (let i = 0; i < stack.length; i++) {
-      if (stack[i].includes("node_modules") && !stack[i].includes(".test.js")) {
-        index = i;
-        break;
+    let flag = args[0];
+    if (flag.includes("flag")) {
+      fs.appendFileSync(output_file, stack.join("\n"));
+      let index = 0;
+      for (let i = 0; i < stack.length; i++) {
+        if (
+          stack[i].includes("node_modules") &&
+          !stack[i].includes(".test.js")
+        ) {
+          index = i;
+          break;
+        }
       }
-    }
 
-    let line = stack[index];
-    var preString = "node_modules/";
-    var searchString = "/";
-    var preIndex = line.indexOf(preString);
-    var cut_line = line.substring(preIndex);
-    console.log(cut_line);
-    var first_index = cut_line.indexOf("/");
-    var last_index = cut_line.lastIndexOf("/");
-    package_name = cut_line.substring(first_index + 1, last_index);
-    console.log(package_name);
-    sink = cut_line.substring(last_index + 1);
-    sink = sink.replace(")", "").trim();
-    // console.log(sink)
-    fs.appendFileSync(output_file, "\nsink ==> " + sink + "\n");
+      let line = stack[index];
+      var preString = "node_modules/";
+      var searchString = "/";
+      var preIndex = line.indexOf(preString);
+      var cut_line = line.substring(preIndex);
+      console.log(cut_line);
+      var first_index = cut_line.indexOf("/");
+      var last_index = cut_line.lastIndexOf("/");
+      package_name = cut_line.substring(first_index + 1, last_index);
+      console.log(package_name);
+      sink = cut_line.substring(last_index + 1);
+      sink = sink.replace(")", "").trim();
+      // console.log(sink)
+      fs.appendFileSync(
+        output_file,
+        "\npackage name ==> " + package_name + "\n"
+      );
+      fs.appendFileSync(output_file, "\nsink ==> " + sink + "\n");
+    }
   } catch (err) {
     // console.error(err)
     fs.writeFileSync(output_file, err);
   }
   return oldreadFileSync.apply(this, args);
 };
 
-// try {
-//   fs.writeFileSync('./aaaaaaaaaaaaaaaaaaaaaaa.txt', "sdfsdfsdfsd")
-//   //file written successfully
-// } catch (err) {
-//   // console.error(err)
-// }
+require("fs").readFile = function () {
+  var args = arguments;
+  let stack = new Error().stack.toString().split("\n");
+  // console.log(args[0]);
+  try {
+    // fs.writeFileSync('./aaaaaaaaaaaaaaaaaaaaaaa.txt', args.join('\n'));
+    let flag = args[0];
+    if (flag.includes("flag")) {
+      fs.appendFileSync(output_file, stack.join("\n"));
+      let index = 0;
+      for (let i = 0; i < stack.length; i++) {
+        if (
+          stack[i].includes("node_modules") &&
+          !stack[i].includes(".test.js")
+        ) {
+          index = i;
+          break;
+        }
+      }
+
+      let line = stack[index];
+      var preString = "node_modules/";
+      var searchString = "/";
+      var preIndex = line.indexOf(preString);
+      var cut_line = line.substring(preIndex);
+      console.log(cut_line);
+      var first_index = cut_line.indexOf("/");
+      var last_index = cut_line.lastIndexOf("/");
+      package_name = cut_line.substring(first_index + 1, last_index);
+      console.log(package_name);
+      sink = cut_line.substring(last_index + 1);
+      sink = sink.replace(")", "").trim();
+      // console.log(sink)
+      fs.appendFileSync(
+        output_file,
+        "\npackage name ==> " + package_name + "\n"
+      );
+      fs.appendFileSync(output_file, "\nsink ==> " + sink + "\n");
+    }
+  } catch (err) {
+    // console.error(err)
+    fs.writeFileSync(output_file, err);
+  }
+  return oldreadFileSync.apply(this, args);
+};
 
 require(process.argv[2]);

path-traversal/fakelearnnodejs_0.0.1/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "app.js:8:8"
 }

path-traversal/fast-http-cli_0.0.8/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:35:16"
 }

path-traversal/fast-http_0.1.3/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:35:16"
 }

path-traversal/fbr-client_1.0.3/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "server.js:53:12"
 }

path-traversal/gaoxiaotingtingting_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/gaoxuyan_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:8:8"
 }

path-traversal/getstats_1.0.6/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "server.js:37:12"
 }

path-traversal/goserv_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "goserv.js:63:9"
 }

path-traversal/gyfserver_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:7:8"
 }

path-traversal/hdsdhhksjd_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:7:8"
 }

path-traversal/http-live-simulator_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "1.0.7",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "http-live:55:7"
 }

path-traversal/infraserver_0.0.1/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "Infra.data.js:137:9"
 }

path-traversal/lessindex_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/lihuini_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/liuyaserver_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "node.js:7:8"
 }

path-traversal/liyujing_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:5:8"
 }

path-traversal/ljjnodeserve_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:23:12"
 }

path-traversal/looppake_3.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:9:8"
 }

path-traversal/ltt.js_1.0.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:7:8"
 }

path-traversal/ltt_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:7:8"
 }

path-traversal/lzl123_1.1.0/package.json

@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:8:8"
 }