Predicate isIndirectCommandArgument
Holds if source
contributes to the arguments of an indirect command execution sys
.
An indirect command execution is a system execution command that starts with sh -c
, cmd.exe /c
, or similar.
For example, getCommand()
is source
, and the call to childProcess.spawn
is sys
in the following example:
let cmd = getCommand();
let sh = "sh";
let args = ["-c", cmd];
childProcess.spawn(sh, args, cb);
or
let cmd = getCommand();
childProcess.spawn("cmd.exe", ["/c"].concat(cmd), cb);
Import path
import semmle.javascript.security.dataflow.IndirectCommandArgument
predicate isIndirectCommandArgument(Node source, SystemCommandExecution sys)