mirror of
https://github.com/github/codeql.git
synced 2026-01-11 21:50:28 +01:00
f07a7bf8cf
Will need subsequent PRs fixing up test failures (due to deprecated methods moving around), but other than that everything should be straight-forward.
28 lines
692 B
Plaintext
28 lines
692 B
Plaintext
/**
|
|
* @name 'exec' used
|
|
* @description The 'exec' statement or function is used which could cause arbitrary code to be executed.
|
|
* @kind problem
|
|
* @tags security
|
|
* correctness
|
|
* @problem.severity error
|
|
* @sub-severity high
|
|
* @precision low
|
|
* @id py/use-of-exec
|
|
*/
|
|
|
|
import python
|
|
|
|
string message() {
|
|
result = "The 'exec' statement is used." and major_version() = 2
|
|
or
|
|
result = "The 'exec' function is used." and major_version() = 3
|
|
}
|
|
|
|
predicate exec_function_call(Call c) {
|
|
exists(GlobalVariable exec | exec = c.getFunc().(Name).getVariable() and exec.getId() = "exec")
|
|
}
|
|
|
|
from AstNode exec
|
|
where exec_function_call(exec) or exec instanceof Exec
|
|
select exec, message()
|