Class: Scanny::Checks::BackticksCheck

Inherits:

Check

• Object
• Check
• Scanny::Checks::BackticksCheck

Defined in:

lib/scanny/checks/backticks_check.rb

Overview

Checks for backticks and %x… that pass the command through shell expansion. This can cause unwanted code execution if the command includes unescaped input.

Instance Method Summary

• #check(node) ⇒ Object
• #pattern ⇒ Object

  ‘command`.

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ Object

# File 'lib/scanny/checks/backticks_check.rb', line 12

def check(node)
  issue :high, "Backticks and %x{...} pass the executed command through shell expansion.",
        :cwe => [88, 78]
end

#pattern ⇒ Object

‘command`

# File 'lib/scanny/checks/backticks_check.rb', line 8

def pattern
  'ExecuteString | DynamicExecuteString'
end