hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

require arguments to be shell interpreted to be flagged by indirect-command-injection

Browse Source
This commit is contained in:
erik-krogh
2023-05-17 11:05:29 +02:00
parent b46983a381
commit 3293a55e8f
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll
View File

@@ -199,9 +199,13 @@ module IndirectCommandInjection {
}
/**
* A command argument to a function that initiates an operating system command.
* A command argument to a function that initiates an operating system command as a shell invocation.
*/
private class SystemCommandExecutionSink extends Sink, DataFlow::ValueNode {
SystemCommandExecutionSink() { this = any(SystemCommandExecution sys).getACommandArgument() }
SystemCommandExecutionSink() {
exists(SystemCommandExecution sys |
sys.isShellInterpreted(this) and this = sys.getACommandArgument()
)
}
}
}