codeql/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

var cp = require('child_process'),
    path = require('path');
(function() {
	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
});