extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/results-repo1.md
let cmd = "rm -rf " + path.join(__dirname, "temp");
8
7
cp.execSync(<strong>cmd</strong>); // BAD
9
8
}
10
-
11
9
</code></pre>
12
10
13
11
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js#L4-L4).*
cp.execFileSync('rm', ['-rf', path.join(__dirname, "temp")]); // GOOD
22
19
cp.execSync(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // BAD
23
20
24
21
execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
25
-
26
22
</code></pre>
27
23
28
24
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L6-L6).*
cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
30
+
<pre><codeclass="javascript"> cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
36
31
37
32
execa.shell(<strong>'rm -rf ' + path.join(__dirname, "temp")</strong>); // NOT OK
38
33
execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
39
34
40
-
41
35
</code></pre>
42
36
43
37
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L8-L8).*
*This shell command depends on an uncontrolled [absolute path](https://github.com/github/codeql/blob/48015e5a2e6202131f2d1062cc066dc33ed69a9b/javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js#L9-L9).*
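Review bot: The snippets in this fixture are emitted as raw HTML inside `<pre><code ...>` with `<strong>` wrapped around the highlighted range (for example `cp.execSync(<strong>cmd</strong>); // BAD`), and none of the snippet lines visible in this hunk contain `<`, `>` or `&`, so nothing here shows that the generator escapes source text before inserting its own tags. The snippet text comes from the analysed repository, so I would add a fixture whose highlighted line contains those characters and assert on the escaped output. Separately, the three removed lines just before `</code></pre>` look like a trailing blank line being trimmed from each snippet; a case for a snippet that legitimately ends in a blank line would pin that behaviour down.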
extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/path-problem/results-repo2.md
*This shell command depends on an uncontrolled [absolute path](https://github.com/meteor/meteor/blob/73b538fe201cbfe89dd0c709689023f9b3eab1ec/npm-packages/meteor-installer/config.js#L39-L39).*
extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/results-repo1.md
extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/data/interpreted-results/problem/results-repo2.md