From 2e7eb5031913c77cc475db5f407288772231594e Mon Sep 17 00:00:00 2001
From: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Date: Fri, 12 May 2023 14:42:11 +0100
Subject: [PATCH] JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.
---
 .../CWE-078/examples/unsafe-shell-command-construction.js | 2 +-
 .../CWE-078/examples/unsafe-shell-command-construction_fixed.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js
index d2d1869746f..f8f3d8b7514 100644
--- a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js
+++ b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js
@@ -1,5 +1,5 @@
 var cp = require("child_process");
 module.exports = function download(path, callback) {
- cp.exec("wget " + path, callback);
+ cp.execSync("wget " + path, callback);
 }
diff --git a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js
index 9f6bb249adc..4a8c880ad8f 100644
--- a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js
+++ b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js
@@ -1,5 +1,5 @@
 var cp = require("child_process");
 module.exports = function download(path, callback) {
- cp.execFile("wget", [path], callback);
+ cp.execFileSync("wget", [path], callback);
 }
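Review bot: In unsafe-shell-command-construction.js, `cp.execSync("wget " + path, callback)` passes `callback` where `execSync` expects its options argument; the synchronous API takes no callback, so `callback` is never invoked and a non-zero exit from wget now surfaces as a thrown exception. The same applies to `cp.execFileSync("wget", [path], callback)` in unsafe-shell-command-construction_fixed.js. Either drop the parameter from `download` and write `cp.execSync("wget " + path);`, or keep the asynchronous calls. Because this file is the deliberately unsafe example, a comment such as `// BAD: path is concatenated into a shell command line` would keep it from being mistaken for usable code outside the query help.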
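Review bot: In unsafe-shell-command-construction_fixed.js, `execFileSync("wget", [path], ...)` removes the shell, but a `path` that starts with `-` would still be read by wget as an option rather than as the URL to fetch. If this example is meant to show a complete fix, end option parsing before the untrusted value, `cp.execFileSync("wget", ["--", path]);`, or check that `path` parses as a URL before the call. A comment such as `// GOOD: arguments are passed as an array, so no shell interprets path` would also state what the fix does and does not cover.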