hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port ShellCommandInjectionFromEnvironment

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:23:18 +02:00
parent 06835a800c
commit d446444667
3 changed files with 42 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected
View File

@@ -1,32 +1,21 @@
nodes
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
edges
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
nodes
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | semmle.label | __dirname |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | semmle.label | __dirname |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | semmle.label | __dirname |
subpaths
#select
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path |