hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b24c6fd57946ee3a14ffca59f2799819469934cc
codeql/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js
amammad b24c6fd579 for demonstration
2023-10-11 17:34:33 +02:00

35 lines
1.4 KiB
JavaScript
Raw Blame History

import { execa, execaSync, execaCommand, execaCommandSync, $ } from 'execa';
import http from 'node:http'
import url from 'url'
http.createServer(async function (req, res) {
let cmd = url.parse(req.url, true).query["cmd"][0];
let arg1 = url.parse(req.url, true).query["arg1"];
let arg2 = url.parse(req.url, true).query["arg2"];
await $`${cmd} ${arg1} ${arg2}`; // NOT OK
await $`ssh ${arg1} ${arg2}`; // NOT OK
$({ shell: false }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK
$({ shell: true }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK
$({ shell: false }).sync`ssh ${arg} ${arg} ${arg2}`; // NOT OK
$.sync`${cmd} ${arg1} ${arg2}`; // NOT OK
$.sync`ssh ${arg1} ${arg2}`; // NOT OK
await $({ shell: true })`${cmd} ${arg1} ${arg2}` // NOT OK
await $({ shell: false })`${cmd} ${arg1} ${arg2}` // NOT OK
await $({ shell: false })`ssh ${arg1} ${arg2}` // NOT OK
await execa(cmd, [arg1]); // NOT OK
await execa(cmd, { shell: true }); // NOT OK
await execa(cmd, { shell: true }); // NOT OK
await execa(cmd, [arg1], { shell: true }); // NOT OK
execaSync(cmd, [arg1]); // NOT OK
execaSync(cmd, [arg1], { shell: true }); // NOT OK
await execaCommand(cmd + arg1); // NOT OK
await execaCommand(cmd + arg1, { shell: true }); // NOT OK
execaCommandSync(cmd + arg1); // NOT OK
execaCommandSync(cmd + arg1, { shell: true }); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink