hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update UnsafeCreateProcessCall.ql

Browse Source
This commit is contained in:
Raul Garcia
2018-10-15 13:41:21 -07:00
committed by GitHub
parent 1d853691eb
commit cd5e788aa7
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
View File

@@ -1,6 +1,6 @@
/**
* @name NULL application name with an unquoted path in call to CreateProcess
* @description Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.
* @description Calling a function of the CreateProcess* family of functions, which may result in a security vulnerability if the path contains spaces.
* @id cpp/unsafe-create-process-call
* @kind problem
* @problem.severity error
@@ -132,4 +132,4 @@ where
and quotedConfig.hasFlow(DataFlow2::exprNode(source), DataFlow2::exprNode(cmd))
and msg2 = " and with an unquoted lpCommandLine (" + cmd + ") may result in a security vulnerability if the path contains spaces."
)
select call, msg1 + " " + msg2
select call, msg1 + " " + msg2