Skip to content

Commit 33d8ffa

Browse files
NapalysNapalys
committed
Added test cases for shelljs.env
1 parent 602500e commit 33d8ffa

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

  • javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection

javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,3 +12,10 @@ function test(e) {
1212
test(process.env); // $ Source
1313

1414
exec(getInput('data')); // $ Alert
15+
16+
function test2(e) {
17+
const shelljs = require('shelljs');
18+
exec('rm -rf ' + shelljs.env['SOME']); // $ MISSING: Alert
19+
exec('rm -rf ' + shelljs.env.SOME); // $ MISSING: Alert
20+
exec('rm -rf ' + shelljs.env); // $ MISSING: Alert
21+
}

0 commit comments

Comments
 (0)