So if we have the following code:
@app.route('/menu', methods=['POST'])
def menu():
param = request.form['suggestion']
command = 'echo ' + param + ' >> ' + 'menu.txt'
hey = 'echo ' + param + ' >> ' + 'menu.txt'
yo = 'echo ' + hey + ' >> ' + 'menu.txt'
subprocess.call(command, shell=True)
with open('menu.txt','r') as f:
menu = f.read()
return render_template('command_injection.html', menu=menu)We show the vulnerability output as:
1 vulnerability found:
Vulnerability 1:
File: example/vulnerable_code/command_injection.py
> User input at line 15, trigger word "form[":
param = request.form['suggestion']
Reassigned in:
File: example/vulnerable_code/command_injection.py
> Line 16: command = 'echo ' + param + ' >> ' + 'menu.txt'
File: example/vulnerable_code/command_injection.py
> Line 17: hey = 'echo ' + param + ' >> ' + 'menu.txt'
File: example/vulnerable_code/command_injection.py
> Line 18: yo = 'echo ' + hey + ' >> ' + 'menu.txt'
File: example/vulnerable_code/command_injection.py
> reaches line 20, trigger word "subprocess.call(":
subprocess.call(command,shell=True)
Where we don't really care about Line 17 and 18 in the output, right?
I ran into this while doing #45, once I fix this then I can make the PR fixing both of them.
So if we have the following code:
We show the vulnerability output as:
Where we don't really care about Line 17 and 18 in the output, right?
I ran into this while doing #45, once I fix this then I can make the PR fixing both of them.