hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

add link to source in alert-message for js/shell-command-constructed-from-input

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-03-18 13:37:18 +01:00
parent 1d9f8c2d37
commit d998d06b94
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
View File

@@ -18,6 +18,6 @@ import DataFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
select sinkNode.getAlertLocation(), source, sink, "$@ based on library input is later used in $@.",
sinkNode.getAlertLocation(), sinkNode.getSinkType(), sinkNode.getCommandExecution(),
"shell command"
select sinkNode.getAlertLocation(), source, sink, "$@ based on $@ is later used in $@.",
sinkNode.getAlertLocation(), sinkNode.getSinkType(), source.getNode(), "library input",
sinkNode.getCommandExecution(), "shell command"