hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 20:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: fixup for execa.shell and execa.shellSync models

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-12-22 09:06:18 +01:00
parent ba714a1214
commit ab4f3ea259
3 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-078/Consistency.expected
View File

@@ -1,2 +0,0 @@
| query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js:8 | expected an alert, but found none | NOT OK | ComandInjection |
| query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js:9 | expected an alert, but found none | NOT OK | ComandInjection |

20
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment.expected
View File

@@ -4,10 +4,30 @@ nodes
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
edges
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
#select
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | absolute path |