hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
818c5de8d58afea91e65a784a353c8bb39b2af08
codeql/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java
Ed Minnix f05f16116b Testing for Environment variable injection
2024-01-08 09:38:45 -05:00

31 lines
759 B
Java
Raw Blame History

import java.lang.ProcessBuilder;
import java.lang.Runtime;
import java.util.Map;
public class TaintedEnvironment {
public Object source() {
return null;
}
public void buildProcess() throws java.io.IOException {
String s = (String) source();
ProcessBuilder pb = new ProcessBuilder();
pb.environment().put("foo", s); // $hasTaintFlow
pb.environment().put(s, "foo"); // $hasTaintFlow
Map<String, String> env = pb.environment();
env.put("foo", s); // $hasTaintFlow
pb.start();
}
public void exec() throws java.io.IOException {
String kv = (String) source();
Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $hasTaintFlow
}
}
Reference in New Issue View Git Blame Copy Permalink