Add SubshellHeredocExecution

A heredoc with a backquoted delimiter (`<<`EOF``) runs its body as a shell command, just like a backtick literal, so it is a form of command execution:

    result = <<`EOF`
    echo foo bar #{baz}
    EOF
Harry Maclean
2021-09-07 11:29:55 +01:00
parent 799ef4e4c9
commit fb23a2e3bf
6 changed files with 33 additions and 0 deletions


@@ -3,14 +3,17 @@ edges
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:7:16:7:18 | cmd |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:8:14:8:16 | cmd |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:9:17:9:22 | #{...} |
| CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:11:9:11:14 | #{...} |
nodes
| CommandInjection.rb:5:15:5:20 | call to params : | semmle.label | call to params : |
| CommandInjection.rb:6:10:6:15 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:7:16:7:18 | cmd | semmle.label | cmd |
| CommandInjection.rb:8:14:8:16 | cmd | semmle.label | cmd |
| CommandInjection.rb:9:17:9:22 | #{...} | semmle.label | #{...} |
| CommandInjection.rb:11:9:11:14 | #{...} | semmle.label | #{...} |
#select
| CommandInjection.rb:6:10:6:15 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:6:10:6:15 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:7:16:7:18 | cmd | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:7:16:7:18 | cmd | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:8:14:8:16 | cmd | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:8:14:8:16 | cmd | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:9:17:9:22 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:9:17:9:22 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |
| CommandInjection.rb:11:9:11:14 | #{...} | CommandInjection.rb:5:15:5:20 | call to params : | CommandInjection.rb:11:9:11:14 | #{...} | This command depends on $@. | CommandInjection.rb:5:15:5:20 | call to params | a user-provided value |


@@ -7,6 +7,9 @@ class UsersController < ActionController::Base
system(cmd)
exec(cmd)
%x(echo #{cmd})
result = <<`EOF`
#{cmd}
EOF
safe_cmd = Shellwords.escape(cmd)
`echo #{safe_cmd}`