C++ : NULL application name with an unquoted path in call to CreateProcess

Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.

cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.cpp

@@ -0,0 +1,11 @@
+STARTUPINFOW si;
+PROCESS_INFORMATION pi;
+
+// ... 
+
+CreateProcessW(                           // BUG
+    NULL,                                 // lpApplicationName
+    (LPWSTR)L"C:\\Program Files\\MyApp",  // lpCommandLine
+    NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
+
+// ...