Python: Add test of more indirect command injection sinks

RasmusWL · RasmusWL · commit 3af5c720cc55 · 2020-09-28T11:16:52.000+02:00
diff --git a/python/ql/test/experimental/library-tests/frameworks/stdlib/SystemCommandExecution.py b/python/ql/test/experimental/library-tests/frameworks/stdlib/SystemCommandExecution.py
@@ -104,6 +104,13 @@ def os_members():
 subprocess.Popen(["cmd", "/c", "vuln"])  # $SystemCommandExecution_getCommand="cmd" $f-:SystemCommandExecution_getCommand="vuln"
 subprocess.Popen(["cmd", "/C", "vuln"])  # $SystemCommandExecution_getCommand="cmd" $f-:SystemCommandExecution_getCommand="vuln"
 
+subprocess.Popen(["<progname>", "-c", "vuln"], executable="/bin/bash")  # $SystemCommandExecution_getCommand="/bin/bash" $f-:SystemCommandExecution_getCommand="vuln"
+
+if UNKNOWN:
+    os.execl("/bin/sh", "<progname>", "-c", "vuln")  # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
+
+os.spawnl(os.P_WAIT, "/bin/sh", "<progname>", "-c", "vuln")  # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
+
 ################################################################################
 # Taint related
 
