Merge pull request #4546 from toufik-airane/main

JS: Add ElectronShellOpenExternalSink class for Electron framework security

javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll

@@ -60,4 +60,15 @@ module ClientSideUrlRedirect {
       guard instanceof HostnameSanitizerGuard
     }
   }
+
+  /**
+   * Improper use of openExternal can be leveraged to compromise the user's host.
+   * When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.
+   */
+  class ElectronShellOpenExternalSink extends Sink {
+    ElectronShellOpenExternalSink() {
+      this =
+        DataFlow::moduleMember("electron", "shell").getAMemberCall("openExternal").getArgument(0)
+    }
+  }
 }