hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: tests to show modeling is very syntactical

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-09-28 11:23:06 +02:00
parent 3af5c720cc
commit 6cb2ca63a6
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/test/experimental/library-tests/frameworks/stdlib/SystemCommandExecution.py
View File

@@ -111,6 +111,19 @@ if UNKNOWN:
os.spawnl(os.P_WAIT, "/bin/sh", "<progname>", "-c", "vuln") # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
########################################
# Passing arguments by reference
args = ["/bin/sh", "-c", "vuln"]
subprocess.Popen(args) # $SystemCommandExecution_getCommand=args
args = "<progname>"
use_shell = False
exe = "executable"
subprocess.Popen(args, shell=use_shell, executable=exe) # $f+:SystemCommandExecution_getCommand=args $SystemCommandExecution_getCommand=exe
################################################################################
# Taint related