recognize commands with slash and underscore

Erik Krogh Kristensen
2020-09-07 14:28:28 +02:00
parent 320879bc1e
commit 55b79f445c


@@ -85,7 +85,7 @@ module UnsafeShellCommandConstruction {
this = root.getALeaf() and
root = isExecutedAsShellCommand(DataFlow::TypeBackTracker::end(), sys) and
exists(string prev | prev = this.getPreviousLeaf().getStringValue() |
prev.regexpMatch(".* ('|\")?[0-9a-zA-Z/:]*")
prev.regexpMatch(".* ('|\")?[0-9a-zA-Z/:_-]*")
)
}
@@ -132,7 +132,7 @@ module UnsafeShellCommandConstruction {
this = call.getFormatArgument(_) and
call = isExecutedAsShellCommand(DataFlow::TypeBackTracker::end(), sys) and
exists(string formatString | call.getFormatString().mayHaveStringValue(formatString) |
formatString.regexpMatch(".* ('|\")?[0-9a-zA-Z/:]*%.*")
formatString.regexpMatch(".* ('|\")?[0-9a-zA-Z/:_-]*%.*")
)
}