Update CMDi Audit query and tests

python/CWE-078/CommandInjectionAudit.ql

@@ -21,5 +21,5 @@ import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.security.dataflow.CommandInjectionCustomizations
 
 from DataFlow::Node sink
-where sink instanceof CommandInjection::Sink
+where sink instanceof CommandInjection::Sink and sink.getScope().inSource()
 select sink, "Usage of command line"

tests/python-tests/CWE-078/audit/CommandInjectionAudit.expected

@@ -0,0 +1,3 @@
+| cmdi.py:7:17:7:17 | ControlFlowNode for i | Usage of command line |
+| cmdi.py:9:17:9:17 | ControlFlowNode for i | Usage of command line |
+| cmdi.py:11:17:11:30 | ControlFlowNode for Fstring | Usage of command line |

tests/python-tests/CWE-078/audit/CommandInjectionAudit.qlref

@@ -0,0 +1 @@
+CWE-078/CommandInjectionAudit.ql

tests/python-tests/CWE-078/audit/cmdi.py

@@ -0,0 +1,11 @@
+import os
+import subprocess
+
+i = input("Enter command: ")
+
+# direct input
+subprocess.call(i, shell=True)
+# direct input, no shell
+subprocess.call(i)
+# format string
+subprocess.call(f"bash -c {i}", shell=True)

tests/python-tests/CWE-078/audit/options

@@ -0,0 +1 @@
+semmle-extractor-options: --max-import-depth=0