backtrack string-concatenations from shell-execution sinks

This commit is contained in:
Erik Krogh Kristensen
2021-04-07 15:33:06 +02:00
parent 073a43ce74
commit 365b4d722d
3 changed files with 21 additions and 0 deletions


@@ -70,6 +70,12 @@ module UnsafeShellCommandConstruction {
exists(DataFlow::TypeBackTracker t2 |
t2 = t.smallstep(result, isExecutedAsShellCommand(t2, sys))
)
or
exists(DataFlow::TypeBackTracker t2, StringOps::ConcatenationRoot prev |
t = t2.continue() and
isExecutedAsShellCommand(t2, sys) = prev and
result = prev.getALeaf()
)
}
/**