Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow

Approved by esbena
semmle-qlci
2019-11-01 11:00:22 +00:00
committed by GitHub
4 changed files with 26 additions and 223 deletions


@@ -10,7 +10,7 @@ import javascript
* That is, either `shell` is a Unix shell (`sh` or similar) and
* `arg` is `"-c"`, or `shell` is `cmd.exe` and `arg` is `"/c"`.
*/
private predicate shellCmd(ConstantString shell, string arg) {
private predicate shellCmd(Expr shell, string arg) {
exists(string s | s = shell.getStringValue() |
(s = "sh" or s = "bash" or s = "/bin/sh" or s = "/bin/bash") and
arg = "-c"
@@ -23,25 +23,29 @@ private predicate shellCmd(ConstantString shell, string arg) {
}
/**
* Data flow configuration for tracking string literals that look like they
* may refer to an operating-system shell, and array literals that may end up being
* interpreted as argument lists for system commands.
* Gets a data-flow node whose value ends up being interpreted as the command argument in `sys`
* after a flow summarized by `t`.
*/
private class ArgumentListTracking extends DataFlow::Configuration {
ArgumentListTracking() { this = "ArgumentListTracking" }
private DataFlow::Node commandArgument(SystemCommandExecution sys, DataFlow::TypeBackTracker t) {
t.start() and
result = sys.getACommandArgument()
or
exists(DataFlow::TypeBackTracker t2 |
t = t2.smallstep(result, commandArgument(sys, t2))
)
}
override predicate isSource(DataFlow::Node nd) {
nd instanceof DataFlow::ArrayCreationNode
or
exists(ConstantString shell | shellCmd(shell, _) | nd = DataFlow::valueNode(shell))
}
override predicate isSink(DataFlow::Node nd) {
exists(SystemCommandExecution sys |
nd = sys.getACommandArgument() or
nd = sys.getArgumentList()
)
}
/**
* Gets a data-flow node whose value ends up being interpreted as the argument list in `sys`
* after a flow summarized by `t`.
*/
private DataFlow::SourceNode argumentList(SystemCommandExecution sys, DataFlow::TypeBackTracker t) {
t.start() and
result = sys.getArgumentList().getALocalSource()
or
exists(DataFlow::TypeBackTracker t2 |
result = argumentList(sys, t2).backtrack(t2, t)
)
}
/**
@@ -60,11 +64,11 @@ private class ArgumentListTracking extends DataFlow::Configuration {
*/
predicate isIndirectCommandArgument(DataFlow::Node source, SystemCommandExecution sys) {
exists(
ArgumentListTracking cfg, DataFlow::ArrayCreationNode args, ConstantString shell, string dashC
DataFlow::ArrayCreationNode args, DataFlow::Node shell, string dashC
|
shellCmd(shell, dashC) and
cfg.hasFlow(DataFlow::valueNode(shell), sys.getACommandArgument()) and
cfg.hasFlow(args, sys.getArgumentList()) and
shellCmd(shell.asExpr(), dashC) and
shell = commandArgument(sys, DataFlow::TypeBackTracker::end()) and
args = argumentList(sys, DataFlow::TypeBackTracker::end()) and
args.getAPropertyWrite().getRhs().mayHaveStringValue(dashC) and
source = args.getAPropertyWrite().getRhs()
)
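Review bot: The two helpers added in the second hunk walk backwards in different ways, and neither doc comment says why: `commandArgument` returns a plain `DataFlow::Node` and steps with `t2.smallstep(...)`, while `argumentList` returns a `DataFlow::SourceNode` and uses `.backtrack(t2, t)`. Presumably the shell name is usually a string literal, which is not a source node and would be lost if only source nodes were tracked. I would add a line to the `commandArgument` comment such as `* Uses smallstep rather than backtrack because the shell name is typically a string literal, which is not a SourceNode.`, so that a later cleanup does not unify the two and silently lose results in the queries that rely on `isIndirectCommandArgument`. `commandArgument` is also evaluated for every `SystemCommandExecution`, including those with no argument list; adding `exists(sys.getArgumentList())` to its base case would likely keep the predicate smaller. The bodies of `shellCmd` and `isIndirectCommandArgument` continue outside the visible hunks.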


@@ -22,48 +22,12 @@ nodes
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd |
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr |
| execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:21 | arr[i++] |
@@ -114,9 +78,6 @@ nodes
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
@@ -146,33 +107,6 @@ edges
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command |
@@ -222,7 +156,6 @@ edges
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |


@@ -1,40 +1,4 @@
nodes
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
@@ -84,37 +48,7 @@ nodes
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
@@ -159,7 +93,6 @@ edges
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument |


@@ -1,77 +1,10 @@
nodes
| child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
| child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |