hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

expand the explanation to include with arguments make the commands vulnerable

Browse Source
This commit is contained in:
erik-krogh
2022-11-01 14:24:23 +01:00
parent 8fd6424db9
commit 6f3ca40fed
3 changed files with 44 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
View File

@@ -17,8 +17,9 @@ import javascript
import DataFlow::PathGraph
import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
select sink.getNode(), source, sink,
"Command line argument that allows for arbitrary command execution depends on $@.",
"Command line argument that depends on $@ can execute an arbitrary command if " +
sinkNode.getVulnerableArgumentExample() + " is used with " + sinkNode.getCommand() + ".",
source.getNode(), source.getNode().(Source).describe()