hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
This commit is contained in:
Erik Krogh Kristensen
2020-02-25 10:04:51 +01:00
committed by GitHub
parent afd6ea2628
commit d540caecdd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll
View File

@@ -97,7 +97,7 @@ class UselessCat extends CommandCall {
getArgument(0).mayHaveStringValue(getACatExecuteable())
) and
// wildcards, pipes, redirections, other bash features, and multiple files (spaces) are OK.
not exists(getNonCommandConstantString().regexpFind("\\*|\\||>|<| |\\$|&|,|\\`", _, _)) and
not exists(getNonCommandConstantString().regexpFind("\\*|\\||>|<| |\\$|&|,|\\`| ", _, _)) and
// Only acceptable option is "encoding", everything else is non-trivial to emulate with fs.readFile.
(
not exists(getOptionsArg())
@@ -135,7 +135,7 @@ class UselessCat extends CommandCall {
* Gets a string used to call `cat`.
*/
string getACatExecuteable() {
result = "cat" or result = "/bin/cat" or result = "sudo cat" or result = "sudo /bin/cat"
result = "cat" or result = "/bin/cat"
}
/**