hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #447 from smowton/smowton/admin/git-change-note

Browse Source 
Add change-note for addition of `git` to the list of known interpreters for the go/command-injection query
This commit is contained in:
Chris Smowton
2021-01-12 11:33:49 +00:00
committed by GitHub
parent 45635b67c6 a9cff82161
commit c79e4f7836
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
change-notes/2021-01-08-git-as-interpreter.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added `git` as a potentially-exploitable command interpreter for the purposes of the `go/command-injection` query. Because some of its options can cause it to execute an arbitrary command, unsanitized user data can be dangerous to include in its argument list. Such cases will now be flagged as an alert.