Skip to content

Commit ad32b81

Browse files
egregius313egregius313
committed
environment-injection sink
1 parent 93025cc commit ad32b81

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

java/ql/lib/ext/java.lang.model.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ extensions:
2222
- ["java.lang", "Runtime", True, "exec", "(String,String[])", "", "Argument[0]", "command-injection", "ai-manual"]
2323
- ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[0]", "command-injection", "ai-manual"]
2424
- ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[2]", "command-injection", "ai-manual"]
25+
# All implementations of `java.lang.Runtime::exec` take the environment variables as their second argument.
26+
- ["java.lang", "Runtime", True, "exec", "", "", "Argument[1]", "environment-injection", "manual"]
2527
# These are potential vulnerabilities, but not for command-injection. No query for this kind of vulnerability currently exists.
2628
# - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
2729
# - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]

0 commit comments

Comments
 (0)