github/codeql
javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js
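/**
 * Remove the `temp` directory that sits next to this module.
 *
 * The previous version built a single shell string (`"rm -rf " + path`)
 * and handed it to `execSync`, so the absolute path — which this code
 * does not control (it comes from where the package is installed) — was
 * parsed by a shell. Passing the program and its arguments as separate
 * values avoids shell interpretation altogether, which is the same fix
 * the sibling test fixture marks as GOOD.
 *
 * @returns {void}
 * @throws {Error} propagated from `execFileSync` when `rm` exits non-zero
 */
function cleanupTemp() {
  const target = path.join(__dirname, "temp");
  // argv array, no shell: metacharacters in `target` cannot change the
  // meaning of the command.
  cp.execFileSync("rm", ["-rf", target]); // GOOD
}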
This shell command depends on an uncontrolled absolute path.
javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js
(function() {
cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
This shell command depends on an uncontrolled absolute path.
javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js
cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
This shell command depends on an uncontrolled absolute path.
javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
const safe = "\"" + path.join(__dirname, "temp") + "\"";
This shell command depends on an uncontrolled absolute path.