/**
 * @name 'exec' used
 * @description The 'exec' statement or function is used, which could cause arbitrary code to be executed.
 * @kind problem
 * @tags security
 *       correctness
 * @problem.severity error
 * @security-severity 4.2
 * @sub-severity high
 * @precision low
 * @id py/use-of-exec
 */
import python
/**
 * The alert message for a use of `exec`.
 *
 * The wording follows the major Python version of the analysed code:
 * `exec` is a statement in Python 2 and a built-in function in Python 3.
 * No result is produced for any other value of `major_version()`.
 */
string message() {
  major_version() = 2 and result = "The 'exec' statement is used."
  or
  major_version() = 3 and result = "The 'exec' function is used."
}
/**
 * Holds if `c` is a call whose callee is a bare name resolving to the
 * global variable `exec`, i.e. the Python 3 built-in function.
 *
 * Only `Name` callees are considered: attribute-style references such as
 * `builtins.exec`, and calls through a local alias, do not match.
 */
predicate exec_function_call(Call c) {
  c.getFunc().(Name).getVariable().(GlobalVariable).getId() = "exec"
}
// Report every `exec` statement (Python 2) and every call to the global
// `exec` function (Python 3). No data-flow or taint condition is applied,
// which is why the query is declared with low precision above.
from AstNode execUse
where execUse instanceof Exec or exec_function_call(execUse)
select execUse, message()