hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/other.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

36 lines
1.2 KiB
JavaScript
Raw Blame History

var http = require("http"),
url = require("url");
var server = http.createServer(function (req, res) {
let cmd = url.parse(req.url, true).query.path; // $ Source
require("cross-spawn").sync(cmd); // $ Alert
require("execa").shell(cmd); // $ Alert
require("execa").shellSync(cmd); // $ Alert
require("execa").stdout(cmd); // $ Alert
require("execa").stderr(cmd); // $ Alert
require("execa").sync(cmd); // $ Alert
require("cross-spawn")(cmd); // $ Alert
require("cross-spawn-async")(cmd); // $ Alert
require("exec")(cmd); // $ Alert
require("exec-async")(cmd); // $ Alert
require("execa")(cmd); // $ Alert
require("remote-exec")(target, cmd); // $ Alert
const ssh2 = require("ssh2");
new ssh2().exec(cmd); // $ Alert
new ssh2.Client().exec(cmd); // $ Alert
const SSH2Stream = require("ssh2-streams").SSH2Stream;
new SSH2Stream().exec(false, cmd); // $ Alert
require("execa").node(cmd); // $ Alert
require("foreground-child")(cmd); // $ Alert
const opener = require("opener");
opener("http://github.com/" + url.parse(req.url, true).query.user);
opener("http://github.com", { command: cmd }); // $ Alert
});
Reference in New Issue View Git Blame Copy Permalink