1 parent 3ac94c3 commit 8f8c064Copy full SHA for 8f8c064
1 file changed
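--- a/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/src/unsafe_shell_test.py
+++ b/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/src/unsafe_shell_test.py
@@ -1,13 +1,9 @@
 import os
 import subprocess
-import shlex
 
 def unsafe_shell_one(name):
 os.system("ping " + name) # $result=BAD
 
- # shlex.quote sanitizer
- os.system("ping " + shlex.quote(name)) # $result=OK
-
 # f-strings
 os.system(f"ping {name}") # $result=BAD
 
@@ -50,4 +46,8 @@ def indirect(flag, x):
 subprocess.Popen("ping " + name, shell=unknownValue) # OK - shell assumed to be False
 
 def intentional(command):
- os.system("fish -ic " + command) # $result=OK - intentional
+ os.system("fish -ic " + command) # $result=OK - intentional
+
+import shlex
+def unsafe_shell_sanitized(name):
+ os.system("ping " + shlex.quote(name)) # $result=OK - sanitized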
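Review bot: The new `import shlex` at new line 51 sits mid-file directly above `unsafe_shell_sanitized` instead of with the other imports at the top of the fixture; if keeping the sanitized case self-contained at the end is intentional, a one-line comment such as `# kept next to the sanitized case so the unsafe cases above do not depend on shlex` would stop a later cleanup from hoisting it back. The removed and re-added `os.system("fish -ic " + command)` line at old 53/new 49 is identical in the rendered view, presumably a trailing-newline change, which is fine. It would also help to state in the new test's comment that `shlex.quote` is POSIX-shell quoting only, e.g. `# $result=OK - sanitized (shlex.quote is POSIX-shell quoting)`, so the `OK` marker is not read as a general guarantee for every shell `os.system` may invoke. The `def indirect(flag, x)` named in the hunk header starts outside the hunk, and the lines between the two hunks are not visible here.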