hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java
Ed Minnix 709649e9df Model replace and putIfAbsent
2024-01-08 09:39:03 -05:00

42 lines
1.2 KiB
Java
Raw Permalink Blame History

import java.lang.ProcessBuilder;
import java.lang.Runtime;
import java.util.Map;
public class TaintedEnvironment {
public Object source() {
return null;
}
public void buildProcess() throws java.io.IOException {
String s = (String) source();
ProcessBuilder pb = new ProcessBuilder();
pb.environment().put("foo", s); // $hasTaintFlow
pb.environment().put(s, "foo"); // $hasTaintFlow
Map<String, String> extra = Map.of("USER", s);
pb.environment().putAll(extra); // $hasTaintFlow
pb.environment().putIfAbsent("foo", s); // $hasTaintFlow
pb.environment().putIfAbsent(s, "foo"); // $hasTaintFlow
pb.environment().replace("foo", s); // $hasTaintFlow
pb.environment().replace(s, "foo"); // $hasTaintFlow
pb.environment().replace("foo", "bar", s); // $hasTaintFlow
Map<String, String> env = pb.environment();
env.put("foo", s); // $hasTaintFlow
pb.start();
}
public void exec() throws java.io.IOException {
String kv = (String) source();
Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $hasTaintFlow
}
}
Reference in New Issue View Git Blame Copy Permalink