mirror of
https://github.com/github/codeql.git
synced 2026-06-16 18:31:07 +02:00
30 lines
826 B
Python
30 lines
826 B
Python
import os
|
|
import platform
|
|
import popen2
|
|
|
|
from flask import Flask, request # $ Source
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
@app.route("/python2-specific")
|
|
def python2_specific():
|
|
"""
|
|
These tests are mostly included to check for extra paths that can be generated if
|
|
we can track flow into the implementation of a stdlib function, and then to another sink.
|
|
See comment in query for more details.
|
|
"""
|
|
|
|
files = request.args.get("files", "")
|
|
os.popen2("ls " + files) # $ Alert
|
|
os.popen3("ls " + files) # $ Alert
|
|
os.popen4("ls " + files) # $ Alert
|
|
|
|
platform.popen("ls " + files) # $ Alert
|
|
|
|
popen2.popen2("ls " + files) # $ Alert
|
|
popen2.popen3("ls " + files) # $ Alert
|
|
popen2.popen4("ls " + files) # $ Alert
|
|
popen2.Popen3("ls " + files) # $ Alert
|
|
popen2.Popen4("ls " + files) # $ Alert
|