hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed .md and made class change

Browse Source
This commit is contained in:
aegilops
2023-06-19 17:29:17 +01:00
parent 8c9ccab9c9
commit 23bf8470ce
4 changed files with 2 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.md
View File

@@ -1,30 +0,0 @@
# Command Injection into Runtime.exec() with dangerous command
Code that passes remote user input to an arugment of a call of `Runtime.exec` that executes a scripting executable will allow the user to execute malicious code.
## Recommendation
If possible, use hard-coded string literals to specify the command or script to run, or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.
If the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.
## Example
The following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to the array going into `Runtime.exec` without examining it first.
```java
class Test {
public static void main(String[] args) {
String script = System.getenv("SCRIPTNAME");
if (script != null) {
// BAD: The script to be executed by /bin/sh is controlled by the user.
Runtime.getRuntime().exec(new String[]{"/bin/sh", script});
}
}
}
```
## References
* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).
* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).
* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).

4
java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql
View File

@@ -14,9 +14,7 @@
import DataFlow::PathGraph
import CommandInjectionRuntimeExec
class RemoteSource extends Source {
RemoteSource() { this instanceof RemoteFlowSource }
}
class RemoteSource extends Source instanceof RemoteFlowSource {}
from
DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf,

30
java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.md
View File

@@ -1,30 +0,0 @@
# Command Injection into Runtime.exec() with dangerous command
Code that passes local user input to an arugment of a call of `Runtime.exec` that executes a scripting executable will allow the user to execute malicious code.
## Recommendation
If possible, use hard-coded string literals to specify the command or script to run, or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.
If the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.
## Example
The following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to the array going into `Runtime.exec` without examining it first.
```java
class Test {
public static void main(String[] args) {
String script = System.getenv("SCRIPTNAME");
if (script != null) {
// BAD: The script to be executed by /bin/sh is controlled by the user.
Runtime.getRuntime().exec(new String[]{"/bin/sh", script});
}
}
}
```
## References
* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).
* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).
* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).

4
java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.ql
View File

@@ -15,9 +15,7 @@
import DataFlow::PathGraph
import CommandInjectionRuntimeExec
class LocalSource extends Source {
LocalSource() { this instanceof LocalUserInput }
}
class LocalSource extends Source instanceof LocalUserInput {}
from
DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf,