Apply code scanning fix for uncontrolled command line
Co-authored-by: GitHub Advanced Security, powered by CodeQL and AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
BillReyor and github-advanced-security[bot] authored May 11, 2024
1 parent bd63737 commit 5ab6bc8
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion workshop/VulnerableAppThree/vulnerable-server.js
@@ -33,7 +33,9 @@ app.listen(3000, () => {
});
app.get('/exec', (req, res) => {
const { cmd } = req.query;
require('child_process').exec(cmd, (error, stdout, stderr) => {
const args = cmd.split(' ');
const command = args.shift();
require('child_process').execFile(command, args, (error, stdout, stderr) => {
Check failure: Code scanning / CodeQL, Uncontrolled command line (Critical): This command line depends on a user-provided value.
if (error) {
return res.status(500).send(`Error: ${error.message}`);
}
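Review bot: the program to run is still chosen by the request. Replacing `exec(cmd, ...)` with `execFile(command, args, ...)` does drop the shell, so shell metacharacters in `cmd` are no longer interpreted, but `command` is simply `args.shift()` from `cmd.split(' ')`, i.e. the first token of `req.query.cmd`, so the client still decides which executable runs and with which arguments; that is why the CodeQL alert "Uncontrolled command line" still fires on the new `execFile` line. To actually close the finding, compare `command` against a fixed allow-list of permitted programs (and validate or reject `args`) before calling `execFile`, or better, do not take the program name from the request at all and only accept arguments for a hard-coded command. Two smaller points on the same lines: `cmd.split(' ')` throws a `TypeError` when the `cmd` query parameter is absent because `cmd` is then `undefined`, so add a guard such as `if (typeof cmd !== 'string' || cmd.length === 0) return res.status(400).send('Missing cmd');` before the split; and naive splitting on a single space breaks any argument that legitimately contains a space, since `execFile` passes each array element through unchanged rather than re-parsing quotes.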
0 comments on commit 5ab6bc8