Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space CCPPOBJ and version Publish
Panel
borderColorgray
borderStyledashed

Name: Uncontrolled data used in OS command

Description:

Excerpt
Using user-supplied data in an OS command, without neutralizing special elements, can make code vulnerable to command injection.

ID: cpp/command-line-injection

Kind: problem

Severity: error

Precision: highlow

Dont print
Code Block
languageql
titleQuery: ExecTainted.ql
collapsetrue
/**
 * @name Uncontrolled data used in OS command
 * @description Using user-supplied data in an OS command, without
 *              neutralizing special elements, can make code vulnerable
 *              to command injection.
 * @kind problem
 * @problem.severity error
 * @precision highlow
 * @id cpp/command-line-injection
 * @tags security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
 */
import cpp
import semmle.code.cpp.security.CommandExecution
import semmle.code.cpp.security.Security
import semmle.code.cpp.security.TaintTracking

from Expr taintedArg, Expr taintSource, string taintCause, string callChain
where shellCommand(taintedArg, callChain)
  and tainted(taintSource, taintedArg)
  and isUserInput(taintSource, taintCause)
select
  taintedArg,
  "This argument to an OS command is derived from $@ and then passed to " + callChain,
  taintSource, "user input (" + taintCause + ")"

...

Htmlcomment
hiddentrue
hashconfluence_uploader_hash:7e592359fdbe4805c07c7453984a10b3a5adecb01a95051d3404e6e93317995aca6b7da5515750a9