hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

recognize more exported functions in js/shell-command-constructed-from-input

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-12-21 13:50:22 +01:00
parent 0a0137bb5e
commit 4ef569fbbe
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
View File

@@ -53,7 +53,7 @@ module UnsafeShellCommandConstruction {
ExternalInputSource() {
this =
Exports::getAValueExportedBy(Exports::getTopmostPackageJSON())
.(DataFlow::FunctionNode)
.getAFunctionValue()
.getAParameter() and
not this.getName() = ["cmd", "command"] // looks to be on purpose.
}