Class: Scanny::Checks::BackticksCheck

Defined in:
  lib/scanny/checks/backticks_check.rb

Overview

Checks for backticks and %x… that pass the command through shell expansion. This can cause unwanted code execution if the command includes unescaped input.
Instance Method Summary

- #check(node) ⇒ Object
- #pattern ⇒ Object
  `command`.
Methods inherited from Check
#compiled_pattern, #issue, #strict?, #visit
Instance Method Details
#check(node) ⇒ Object

  # File 'lib/scanny/checks/backticks_check.rb', line 12
  def check(node)
    issue :high, "Backticks and %x{...} pass the executed command through shell expansion.", :cwe => [88, 78]
  end
#pattern ⇒ Object

`command`

  # File 'lib/scanny/checks/backticks_check.rb', line 8
  def pattern
    'ExecuteString | DynamicExecuteString'
  end
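The following is an added example, not part of Scanny or of the documented class, showing the behaviour this check flags and the two standard mitigations. It assumes a POSIX `sh` is available (the shell Ruby uses for backticks) and uses only the `open3` and `shellwords` libraries from the Ruby standard library; the `UNTRUSTED` value is a constructed stand-in for user-supplied input.

```ruby
require 'open3'
require 'shellwords'

# Constructed sample input (assumption for this example): a string containing
# a shell arithmetic expansion, standing in for a value a user could supply.
UNTRUSTED = '$((1+1))'

# The pattern Scanny flags (ExecuteString / DynamicExecuteString): the
# interpolated string is handed to /bin/sh, which expands metacharacters
# before `echo` ever runs. For this input the shell prints "2", not the text.
def via_backticks(arg)
  `echo #{arg}`.chomp
end

# Hardened form: an argv-style call (Open3.capture2 with separate arguments)
# executes the program directly with no shell in between, so the argument
# reaches `echo` byte-for-byte.
def via_argv(arg)
  out, _status = Open3.capture2('echo', arg)
  out.chomp
end

# When a shell really is required, Shellwords.escape neutralises the
# metacharacters so the shell passes the literal text through.
def via_escaped_backticks(arg)
  `echo #{Shellwords.escape(arg)}`.chomp
end

if __FILE__ == $PROGRAM_NAME
  puts "backticks (shell expands):      #{via_backticks(UNTRUSTED)}"
  puts "argv form (no shell):           #{via_argv(UNTRUSTED)}"
  puts "escaped backticks (shell, safe): #{via_escaped_backticks(UNTRUSTED)}"
end
```

The argv form is preferable to escaping because it removes the shell from the call path entirely; `Shellwords.escape` is the fallback for cases such as pipelines or redirections that genuinely need one.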