upgrade execa scripts
@@ -125,7 +125,10 @@ module Execa {
|
||||
class ExecaScript extends SystemCommandExecution, ExecaScriptCall {
|
||||
ExecaScript() { isSync = [false, true] }
|
||||
|
||||
override DataFlow::Node getACommandArgument() { result = this.getParameter(1).asSink() }
|
||||
override DataFlow::Node getACommandArgument() {
|
||||
result = this.getParameter(1).asSink() and
|
||||
not isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent())
|
||||
}
|
||||
|
||||
override predicate isShellInterpreted(DataFlow::Node arg) {
|
||||
isExecaShellEnable(this.getParameter(0)) and
|
||||
@@ -133,13 +136,11 @@ module Execa {
|
||||
}
|
||||
|
||||
override DataFlow::Node getArgumentList() {
|
||||
result = this.getParameter(any(int i | i > 2)).asSink() and
|
||||
// here I should check if the first parameter of Template literal is the rightmost string of this Template literal then the arguments of this command execution will be the second and third and .. parameters
|
||||
not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches(""))
|
||||
result = this.getParameter(any(int i | i >= 1)).asSink() and
|
||||
isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent())
|
||||
or
|
||||
result = this.getParameter(any(int i | i > 1)).asSink() and
|
||||
// here I should check if the first parameter of Template literal is a constant which is the command, then the arguments of this command execution will be the first, second and third and .. parameters
|
||||
not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches(""))
|
||||
result = this.getParameter(any(int i | i >= 2)).asSink() and
|
||||
not isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent())
|
||||
}
|
||||
|
||||
override DataFlow::Node getOptionsArg() { result = this.getParameter(0).asSink() }
|
||||
@@ -196,6 +197,11 @@ module Execa {
|
||||
}
|
||||
}
|
||||
|
||||
/** Gets a TemplateLiteral and check if first child is a template element */
|
||||
private predicate isTaggedTemplateFirstChildAnElement(TemplateLiteral templateLit) {
|
||||
exists(templateLit.getChildExpr(0).(TemplateElement))
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds whether Execa has shell enabled options or not, get Parameter responsible for options
|
||||
*/
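Review bot: `isTaggedTemplateFirstChildAnElement` in the third hunk only tests that the template starts with some literal text, and the first two hunks use that alone to move parameter 1 out of `getACommandArgument` and into `getArgumentList`. That looks too coarse for a command-execution sink model: in a template such as $`/usr/bin/${tool} ${arg}` (constructed example) the first interpolation is still part of the command token, yet it would presumably be modelled as an argument and the command sink lost, so the predicate should probably also require that the leading element's text ends in whitespace, with a test case for it. The guard also re-evaluates `this.getParameter(1).asSink()` instead of using `result`, so it is not tied to the node being returned; in `getACommandArgument`, `not isTaggedTemplateFirstChildAnElement(result.asExpr().getParent())` would be tighter. The helper's QLDoc would read better in predicate form, e.g. `/** Holds if the first child of templateLit is a TemplateElement, i.e. literal text rather than an interpolation. */`.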
|
||||
|
||||
@@ -110,48 +110,72 @@ nodes
|
||||
| execa.js:6:15:6:54 | url.par ... md"][0] |
|
||||
| execa.js:6:25:6:31 | req.url |
|
||||
| execa.js:6:25:6:31 | req.url |
|
||||
| execa.js:7:9:7:51 | arg |
|
||||
| execa.js:7:15:7:38 | url.par ... , true) |
|
||||
| execa.js:7:15:7:44 | url.par ... ).query |
|
||||
| execa.js:7:15:7:51 | url.par ... ["arg"] |
|
||||
| execa.js:7:25:7:31 | req.url |
|
||||
| execa.js:7:25:7:31 | req.url |
|
||||
| execa.js:9:15:9:17 | cmd |
|
||||
| execa.js:9:15:9:17 | cmd |
|
||||
| execa.js:10:14:10:16 | cmd |
|
||||
| execa.js:10:14:10:16 | cmd |
|
||||
| execa.js:11:32:11:34 | cmd |
|
||||
| execa.js:11:32:11:34 | cmd |
|
||||
| execa.js:12:33:12:35 | cmd |
|
||||
| execa.js:12:33:12:35 | cmd |
|
||||
| execa.js:14:17:14:19 | cmd |
|
||||
| execa.js:14:17:14:19 | cmd |
|
||||
| execa.js:15:17:15:19 | cmd |
|
||||
| execa.js:15:17:15:19 | cmd |
|
||||
| execa.js:16:17:16:19 | cmd |
|
||||
| execa.js:16:17:16:19 | cmd |
|
||||
| execa.js:17:17:17:19 | cmd |
|
||||
| execa.js:17:17:17:19 | cmd |
|
||||
| execa.js:18:15:18:17 | cmd |
|
||||
| execa.js:18:15:18:17 | cmd |
|
||||
| execa.js:19:15:19:17 | cmd |
|
||||
| execa.js:19:15:19:17 | cmd |
|
||||
| execa.js:21:24:21:26 | cmd |
|
||||
| execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:21:30:21:32 | arg |
|
||||
| execa.js:22:22:22:24 | cmd |
|
||||
| execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:22:28:22:30 | arg |
|
||||
| execa.js:23:24:23:26 | cmd |
|
||||
| execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:23:30:23:32 | arg |
|
||||
| execa.js:24:22:24:24 | cmd |
|
||||
| execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:24:28:24:30 | arg |
|
||||
| execa.js:7:9:7:53 | arg1 |
|
||||
| execa.js:7:16:7:39 | url.par ... , true) |
|
||||
| execa.js:7:16:7:45 | url.par ... ).query |
|
||||
| execa.js:7:16:7:53 | url.par ... "arg1"] |
|
||||
| execa.js:7:26:7:32 | req.url |
|
||||
| execa.js:7:26:7:32 | req.url |
|
||||
| execa.js:8:9:8:53 | arg2 |
|
||||
| execa.js:8:16:8:39 | url.par ... , true) |
|
||||
| execa.js:8:16:8:45 | url.par ... ).query |
|
||||
| execa.js:8:16:8:53 | url.par ... "arg2"] |
|
||||
| execa.js:8:26:8:32 | req.url |
|
||||
| execa.js:8:26:8:32 | req.url |
|
||||
| execa.js:9:9:9:53 | arg3 |
|
||||
| execa.js:9:16:9:39 | url.par ... , true) |
|
||||
| execa.js:9:16:9:45 | url.par ... ).query |
|
||||
| execa.js:9:16:9:53 | url.par ... "arg3"] |
|
||||
| execa.js:9:26:9:32 | req.url |
|
||||
| execa.js:9:26:9:32 | req.url |
|
||||
| execa.js:11:15:11:17 | cmd |
|
||||
| execa.js:11:15:11:17 | cmd |
|
||||
| execa.js:13:32:13:34 | cmd |
|
||||
| execa.js:13:32:13:34 | cmd |
|
||||
| execa.js:14:31:14:33 | cmd |
|
||||
| execa.js:14:31:14:33 | cmd |
|
||||
| execa.js:17:14:17:16 | cmd |
|
||||
| execa.js:17:14:17:16 | cmd |
|
||||
| execa.js:19:32:19:34 | cmd |
|
||||
| execa.js:19:32:19:34 | cmd |
|
||||
| execa.js:20:33:20:35 | cmd |
|
||||
| execa.js:20:33:20:35 | cmd |
|
||||
| execa.js:23:17:23:19 | cmd |
|
||||
| execa.js:23:17:23:19 | cmd |
|
||||
| execa.js:24:17:24:19 | cmd |
|
||||
| execa.js:24:17:24:19 | cmd |
|
||||
| execa.js:25:17:25:19 | cmd |
|
||||
| execa.js:25:17:25:19 | cmd |
|
||||
| execa.js:26:17:26:19 | cmd |
|
||||
| execa.js:26:17:26:19 | cmd |
|
||||
| execa.js:28:15:28:17 | cmd |
|
||||
| execa.js:28:15:28:17 | cmd |
|
||||
| execa.js:29:15:29:17 | cmd |
|
||||
| execa.js:29:15:29:17 | cmd |
|
||||
| execa.js:31:24:31:26 | cmd |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:30:31:33 | arg1 |
|
||||
| execa.js:31:37:31:40 | arg2 |
|
||||
| execa.js:31:44:31:47 | arg3 |
|
||||
| execa.js:32:24:32:26 | cmd |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:30:32:33 | arg1 |
|
||||
| execa.js:32:37:32:40 | arg2 |
|
||||
| execa.js:32:44:32:47 | arg3 |
|
||||
| execa.js:34:22:34:24 | cmd |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:28:34:31 | arg1 |
|
||||
| execa.js:34:35:34:38 | arg2 |
|
||||
| execa.js:34:42:34:45 | arg3 |
|
||||
| execa.js:35:22:35:24 | cmd |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:28:35:31 | arg1 |
|
||||
| execa.js:35:35:35:38 | arg2 |
|
||||
| execa.js:35:42:35:45 | arg3 |
|
||||
| form-parsers.js:9:8:9:39 | "touch ... nalname |
|
||||
| form-parsers.js:9:8:9:39 | "touch ... nalname |
|
||||
| form-parsers.js:9:19:9:26 | req.file |
|
||||
@@ -335,61 +359,99 @@ edges
|
||||
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
|
||||
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
|
||||
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:21:24:21:26 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:22:22:22:24 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:23:24:23:26 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:24:22:24:24 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:31:24:31:26 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:32:24:32:26 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:34:22:34:24 | cmd |
|
||||
| execa.js:6:9:6:54 | cmd | execa.js:35:22:35:24 | cmd |
|
||||
| execa.js:6:15:6:38 | url.par ... , true) | execa.js:6:15:6:44 | url.par ... ).query |
|
||||
| execa.js:6:15:6:44 | url.par ... ).query | execa.js:6:15:6:51 | url.par ... ["cmd"] |
|
||||
| execa.js:6:15:6:51 | url.par ... ["cmd"] | execa.js:6:15:6:54 | url.par ... md"][0] |
|
||||
| execa.js:6:15:6:54 | url.par ... md"][0] | execa.js:6:9:6:54 | cmd |
|
||||
| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) |
|
||||
| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) |
|
||||
| execa.js:7:9:7:51 | arg | execa.js:21:30:21:32 | arg |
|
||||
| execa.js:7:9:7:51 | arg | execa.js:22:28:22:30 | arg |
|
||||
| execa.js:7:9:7:51 | arg | execa.js:23:30:23:32 | arg |
|
||||
| execa.js:7:9:7:51 | arg | execa.js:24:28:24:30 | arg |
|
||||
| execa.js:7:15:7:38 | url.par ... , true) | execa.js:7:15:7:44 | url.par ... ).query |
|
||||
| execa.js:7:15:7:44 | url.par ... ).query | execa.js:7:15:7:51 | url.par ... ["arg"] |
|
||||
| execa.js:7:15:7:51 | url.par ... ["arg"] | execa.js:7:9:7:51 | arg |
|
||||
| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) |
|
||||
| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) |
|
||||
| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg |
|
||||
| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg |
|
||||
| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg |
|
||||
| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg |
|
||||
| execa.js:7:9:7:53 | arg1 | execa.js:31:30:31:33 | arg1 |
|
||||
| execa.js:7:9:7:53 | arg1 | execa.js:32:30:32:33 | arg1 |
|
||||
| execa.js:7:9:7:53 | arg1 | execa.js:34:28:34:31 | arg1 |
|
||||
| execa.js:7:9:7:53 | arg1 | execa.js:35:28:35:31 | arg1 |
|
||||
| execa.js:7:16:7:39 | url.par ... , true) | execa.js:7:16:7:45 | url.par ... ).query |
|
||||
| execa.js:7:16:7:45 | url.par ... ).query | execa.js:7:16:7:53 | url.par ... "arg1"] |
|
||||
| execa.js:7:16:7:53 | url.par ... "arg1"] | execa.js:7:9:7:53 | arg1 |
|
||||
| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) |
|
||||
| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) |
|
||||
| execa.js:8:9:8:53 | arg2 | execa.js:31:37:31:40 | arg2 |
|
||||
| execa.js:8:9:8:53 | arg2 | execa.js:32:37:32:40 | arg2 |
|
||||
| execa.js:8:9:8:53 | arg2 | execa.js:34:35:34:38 | arg2 |
|
||||
| execa.js:8:9:8:53 | arg2 | execa.js:35:35:35:38 | arg2 |
|
||||
| execa.js:8:16:8:39 | url.par ... , true) | execa.js:8:16:8:45 | url.par ... ).query |
|
||||
| execa.js:8:16:8:45 | url.par ... ).query | execa.js:8:16:8:53 | url.par ... "arg2"] |
|
||||
| execa.js:8:16:8:53 | url.par ... "arg2"] | execa.js:8:9:8:53 | arg2 |
|
||||
| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) |
|
||||
| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) |
|
||||
| execa.js:9:9:9:53 | arg3 | execa.js:31:44:31:47 | arg3 |
|
||||
| execa.js:9:9:9:53 | arg3 | execa.js:32:44:32:47 | arg3 |
|
||||
| execa.js:9:9:9:53 | arg3 | execa.js:34:42:34:45 | arg3 |
|
||||
| execa.js:9:9:9:53 | arg3 | execa.js:35:42:35:45 | arg3 |
|
||||
| execa.js:9:16:9:39 | url.par ... , true) | execa.js:9:16:9:45 | url.par ... ).query |
|
||||
| execa.js:9:16:9:45 | url.par ... ).query | execa.js:9:16:9:53 | url.par ... "arg3"] |
|
||||
| execa.js:9:16:9:53 | url.par ... "arg3"] | execa.js:9:9:9:53 | arg3 |
|
||||
| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) |
|
||||
| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) |
|
||||
| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 |
|
||||
| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 |
|
||||
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
|
||||
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
|
||||
| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname |
|
||||
@@ -495,24 +557,34 @@ edges
|
||||
| exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value |
|
||||
| exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value |
|
||||
| execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value |
|
||||
| execa.js:9:15:9:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:9:15:9:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:10:14:10:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:10:14:10:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:11:32:11:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:32:11:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:12:33:12:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:12:33:12:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:14:17:14:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:17:14:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:15:17:15:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:15:17:15:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:16:17:16:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:16:17:16:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:17:17:17:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:17:17:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:18:15:18:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:18:15:18:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:19:15:19:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:15:19:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:21:24:21:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:21:24:21:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
|
||||
| execa.js:22:22:22:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:22:22:22:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
|
||||
| execa.js:23:24:23:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:23:24:23:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
|
||||
| execa.js:24:22:24:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:24:22:24:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value |
|
||||
| execa.js:11:15:11:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:15:11:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:13:32:13:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:13:32:13:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:14:31:14:33 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:31:14:33 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:17:14:17:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:14:17:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:19:32:19:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:32:19:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:20:33:20:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:20:33:20:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:23:17:23:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:23:17:23:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:24:17:24:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:24:17:24:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:25:17:25:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:25:17:25:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:26:17:26:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:26:17:26:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:28:15:28:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:28:15:28:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:29:15:29:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:29:15:29:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value |
|
||||
| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value |
|
||||
| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value |
|
||||
| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value |
|
||||
| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value |
|
||||
| form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value |
|
||||
| form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value |
|
||||
| form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value |
|
||||
|
||||
@@ -6,30 +6,31 @@ http.createServer(async function (req, res) {
|
||||
let cmd = url.parse(req.url, true).query["cmd"][0];
|
||||
let arg1 = url.parse(req.url, true).query["arg1"];
|
||||
let arg2 = url.parse(req.url, true).query["arg2"];
|
||||
let arg3 = url.parse(req.url, true).query["arg3"];
|
||||
|
||||
await $`${cmd} ${arg1} ${arg2}`; // NOT OK
|
||||
await $`ssh ${arg1} ${arg2}`; // NOT OK
|
||||
$({ shell: false }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK
|
||||
$({ shell: true }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK
|
||||
$({ shell: false }).sync`ssh ${arg} ${arg} ${arg2}`; // NOT OK
|
||||
await $`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
await $`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
$({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
$({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
$({ shell: false }).sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
|
||||
$.sync`${cmd} ${arg1} ${arg2}`; // NOT OK
|
||||
$.sync`ssh ${arg1} ${arg2}`; // NOT OK
|
||||
await $({ shell: true })`${cmd} ${arg1} ${arg2}` // NOT OK
|
||||
await $({ shell: false })`${cmd} ${arg1} ${arg2}` // NOT OK
|
||||
await $({ shell: false })`ssh ${arg1} ${arg2}` // NOT OK
|
||||
$.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
$.sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK
|
||||
await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK
|
||||
await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK
|
||||
await $({ shell: false })`ssh ${arg1} ${arg2} ${arg3}` // NOT OK
|
||||
|
||||
await execa(cmd, [arg1]); // NOT OK
|
||||
await execa(cmd, [arg1, arg2, arg3]); // NOT OK
|
||||
await execa(cmd, { shell: true }); // NOT OK
|
||||
await execa(cmd, { shell: true }); // NOT OK
|
||||
await execa(cmd, [arg1], { shell: true }); // NOT OK
|
||||
await execa(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK
|
||||
|
||||
execaSync(cmd, [arg1]); // NOT OK
|
||||
execaSync(cmd, [arg1], { shell: true }); // NOT OK
|
||||
execaSync(cmd, [arg1, arg2, arg3]); // NOT OK
|
||||
execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK
|
||||
|
||||
await execaCommand(cmd + arg1); // NOT OK
|
||||
await execaCommand(cmd + arg1, { shell: true }); // NOT OK
|
||||
await execaCommand(cmd + arg1 + arg2 + arg3); // NOT OK
|
||||
await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK
|
||||
|
||||
execaCommandSync(cmd + arg1); // NOT OK
|
||||
execaCommandSync(cmd + arg1, { shell: true }); // NOT OK
|
||||
execaCommandSync(cmd + arg1 + arg2 + arg3); // NOT OK
|
||||
execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK
|
||||
});
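Review bot: The `// NOT OK` markers on the four `ssh ${arg1} ${arg2} ${arg3}` lines (new lines 12, 15, 18 and 21) have no matching rows in the expected output shown on this page, which reports execa.js alerts only where `${cmd}` is the first interpolation or `cmd` is passed directly. If tainted arguments to a fixed command are deliberately not reported by this query, the annotation should say so, e.g. `// OK for this query: only the arguments are tainted`; if an alert is intended, the expected file is missing it. The `http.createServer` callback starts outside the hunk.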
|
||||