mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
41 lines
1.2 KiB
Go
41 lines
1.2 KiB
Go
package main
|
|
|
|
import (
|
|
"net/http"
|
|
"os/exec"
|
|
"strings"
|
|
)
|
|
|
|
// BAD: using git subcommands that are vulnerable to arbitrary remote command execution
|
|
func gitSubcommandsBad(req *http.Request) {
|
|
tainted := req.URL.Query()["cmd"][0]
|
|
|
|
exec.Command("git", "clone", tainted)
|
|
exec.Command("git", "fetch", tainted)
|
|
exec.Command("git", "pull", tainted)
|
|
exec.Command("git", "ls-remote", tainted)
|
|
exec.Command("git", "fetch-pack", tainted)
|
|
}
|
|
|
|
// GOOD: using a sampling of git subcommands that are not vulnerable to arbitrary remote command execution
|
|
func gitSubcommandsGood(req *http.Request) {
|
|
tainted := req.URL.Query()["cmd"][0]
|
|
|
|
exec.Command("git", "checkout", tainted)
|
|
exec.Command("git", "branch", tainted)
|
|
exec.Command("git", "diff", tainted)
|
|
exec.Command("git", "merge", tainted)
|
|
exec.Command("git", "add", tainted)
|
|
}
|
|
|
|
// BAD: using git subcommands that are vulnerable to arbitrary remote command execution
|
|
func gitSubcommandsGood2(req *http.Request) {
|
|
tainted := req.URL.Query()["cmd"][0]
|
|
|
|
if !strings.HasPrefix(tainted, "--") {
|
|
exec.Command("git", "clone", tainted) // GOOD, `tainted` cannot start with "--"
|
|
} else {
|
|
exec.Command("git", "clone", tainted) // BAD, `tainted` can start with "--"
|
|
}
|
|
}
|