
javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

// Removes the "temp" directory located next to this module.
// Flagged as CWE-078: the command line is assembled by string concatenation
// and handed to `cp.execSync`, which runs it through a shell, so the
// `__dirname`-derived path is interpolated unquoted. Any shell metacharacter
// in the install location (space, quote, `$`, `;`, ...) is then parsed as
// shell syntax rather than as part of the path — the deletion target is
// controlled by wherever the code happens to be deployed, not by this code.
// Mitigation: avoid the shell and pass the path as a discrete argument,
// e.g. `cp.execFileSync("rm", ["-rf", path.join(__dirname, "temp")])`;
// if a shell string is unavoidable, quote/escape the path before use.
function cleanupTemp() {
  let cmd = "rm -rf " + path.join(__dirname, "temp");
  cp.execSync(cmd); // BAD
}

This shell command depends on an uncontrolled absolute path.

Paths

Path with 5 steps
  1. javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

      path = require("path");
    function cleanupTemp() {
      let cmd = "rm -rf " + path.join(__dirname, "temp");
      cp.execSync(cmd); // BAD
    }
    
  2. javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

      path = require("path");
    function cleanupTemp() {
      let cmd = "rm -rf " + path.join(__dirname, "temp");
      cp.execSync(cmd); // BAD
    }
    
  3. javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

      path = require("path");
    function cleanupTemp() {
      let cmd = "rm -rf " + path.join(__dirname, "temp");
      cp.execSync(cmd); // BAD
    }
    
  4. javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

      path = require("path");
    function cleanupTemp() {
      let cmd = "rm -rf " + path.join(__dirname, "temp");
      cp.execSync(cmd); // BAD
    }
    
  5. javascript/ql/src/Security/CWE-078/examples/shell-command-injection-from-environment.js

    function cleanupTemp() {
      let cmd = "rm -rf " + path.join(__dirname, "temp");
      cp.execSync(cmd); // BAD
    }
    

javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

(function() {
	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD

	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK

This shell command depends on an uncontrolled absolute path.

Paths

Path with 3 steps
  1. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    (function() {
    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
  2. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    (function() {
    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
  3. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    (function() {
    	cp.execFileSync('rm',  ['-rf', path.join(__dirname, "temp")]); // GOOD
    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    

javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD

	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK

This shell command depends on an uncontrolled absolute path.

Paths

Path with 3 steps
  1. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    
  2. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    
  3. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    	cp.execSync('rm -rf ' + path.join(__dirname, "temp")); // BAD
    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    

javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js


	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK

	const safe = "\"" + path.join(__dirname, "temp") + "\"";

This shell command depends on an uncontrolled absolute path.

Paths

Path with 3 steps
  1. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    	const safe = "\"" + path.join(__dirname, "temp") + "\"";
    
  2. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    	const safe = "\"" + path.join(__dirname, "temp") + "\"";
    
  3. javascript/ql/test/query-tests/Security/CWE-078/tst_shell-command-injection-from-environment.js

    
    	execa.shell('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    	execa.shellSync('rm -rf ' + path.join(__dirname, "temp")); // NOT OK
    
    	const safe = "\"" + path.join(__dirname, "temp") + "\"";