hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

use simpler taint-step for DestructingPattern

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-06-11 23:16:46 +02:00
parent 733e04c1eb
commit ef72c03ca9
3 changed files with 93 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
javascript/ql/test/query-tests/Security/CWE-078/command-line-parameter-command-injection.js
View File

@@ -53,5 +53,22 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK
.command();
cp.exec("cmd.sh " + args); // NOT OK
var tainted1 = require('yargs').argv;
var tainted2 = require('yargs').parse()
const {taint1: {...taint1rest},taint2: {...taint2rest}} = {
taint1: tainted1,
taint2: tainted2
}
cp.exec("cmd.sh " + taint1rest); // NOT OK - has flow from tainted1
cp.exec("cmd.sh " + taint2rest); // NOT OK - has flow from tianted2
var {...taint3} = require('yargs').argv;
cp.exec("cmd.sh " + taint3); // NOT OK
var [...taint4] = require('yargs').argv;
cp.exec("cmd.sh " + taint4); // NOT OK
});