Commit 33d8ffa

Added test cases for shelljs.env
1 parent 602500e commit 33d8ffa

1 file changed

+7
-0
lines changed

javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js

Lines changed: 7 additions & 0 deletions
@@ -12,3 +12,10 @@ function test(e) {
1212
test(process.env); // $ Source
1313

1414
exec(getInput('data')); // $ Alert
15+
16+
function test2(e) {
17+
const shelljs = require('shelljs');
18+
exec('rm -rf ' + shelljs.env['SOME']); // $ MISSING: Alert
19+
exec('rm -rf ' + shelljs.env.SOME); // $ MISSING: Alert
20+
exec('rm -rf ' + shelljs.env); // $ MISSING: Alert
21+
}
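
Review bot: `test2(e)` on new line 16 declares a parameter `e` that none of the three `exec` calls use, and nothing in the visible lines calls `test2`, unlike `test(process.env)` on line 12; drop the parameter (`function test2() {`) so the case does not read as if it depended on a caller-supplied value. All three expectations are `// $ MISSING: Alert`, so a one-line comment above them stating that `shelljs.env` is not yet recognised as a source would mark these as known false negatives, to be switched to `// $ Alert` with a `// $ Source` marker once the query models it. The case on line 20 concatenates the whole `shelljs.env` object rather than a single variable; a short comment on what that case is meant to cover would help.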
