hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

require arguments to be shell interpreted to be flagged by indirect-command-injection

Browse Source
This commit is contained in:
erik-krogh
2023-05-17 11:05:29 +02:00
parent b46983a381
commit 3293a55e8f
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js
View File

@@ -144,4 +144,6 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK
cp.exec("cmd.sh " + program.opts().pizzaType); // NOT OK
cp.exec("cmd.sh " + program.pizzaType); // NOT OK
cp.execFile(program.opts().pizzaType, ["foo", "bar"]); // OK
});