False positives on COM.FLOW.FilePath erros

[labeyrb]

Expected behavior

We don't expect a COM.FLOW.FilePath error when :

• using basename to get the name of a script/file
• setting the variable PATH
• redirecting the stderr of a command in /dev/null
• using the result of a command (id or echo) to set a variable
• using a sql request
• using a loop on a file (done < $filein)

Actual behavior

For the following parts of script, a COM.FLOW.FilePath error is raised :

Below the iCode results :

Steps to reproduce behavior

Detection version

3.0

[leleur]

Hello everyone,

In the version 4.0, some previous behavior are still present. For example of th following lines of script :

1. current_users= " $( id -u -n ) " --> It is forbidden to use a file name such as id directly.

2. done < Date_produit.txt --> It is forbidden to use a file name such as done directly.

3. dateYmAvant= $( date -d "-1 month" +%Y -%m ) --> It is forbidden to use a file name such as date directly.