Invoking a process with sensitive command line argument - CWE 214 #15
Comments
Forgot to attach my draft queries. But am struggling to match "-p" in my expr :s

```ql
/**
 */
import java

from MethodAccess mc, Expr arg, Variable var
```
Maybe the queries You would probably want to use To track flow from your For example your query could then look like this:

```ql
/**
 * @kind problem
 */
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.CommandLineQuery

from CompileTimeConstantExpr passwordOption, CommandInjectionSink sink
where
  passwordOption.getStringValue().matches("%-p%") and
  TaintTracking::localTaint(DataFlow::exprNode(passwordOption), sink)
select passwordOption, "This password option is used as command line argument $@", sink, "here"
```

Unless you explicitly want to check for the

```ql
/**
 * @kind problem
 */
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.CommandLineQuery
import semmle.code.java.security.SensitiveActions

from SensitiveExpr sensitiveExpr, CommandInjectionSink sink
where TaintTracking::localTaint(DataFlow::exprNode(sensitiveExpr), sink)
select sensitiveExpr, "This sensitive value is used as command line argument $@", sink, "here"
```

Also a tip regarding the code of your query, avoid checking the result of the

I hope that helps. Though I think in the future if you ask on https://github.com/github/codeql (possibly as Discussion) or on Stack Overflow you might get better or a greater variety of answers.
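Both queries above use `TaintTracking::localTaint`, which only follows taint within a single method, so a secret read in one method and handed to `Runtime.exec` in another is missed. The query below is an added example (not from the answer above or from the CodeQL library) that reuses the same `SensitiveExpr` sources and `CommandInjectionSink` sinks but tracks flow across method boundaries with the module-based global taint-tracking API, assuming a CodeQL CLI recent enough to provide `DataFlow::ConfigSig` and `TaintTracking::Global`; the query id is a placeholder.

```codeql
/**
 * @name Sensitive value passed as command-line argument (CWE-214)
 * @description A password or similar secret that ends up in the argument
 *              list of a spawned process is visible to other local users
 *              via process listings and audit logs.
 * @kind path-problem
 * @problem.severity warning
 * @id java/example/sensitive-command-line-argument
 */

import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.CommandLineQuery
import semmle.code.java.security.SensitiveActions

// Sources: expressions the library heuristically classifies as sensitive
// (password/secret/token-like variable and method names).
// Sinks: argument positions of Runtime.exec / ProcessBuilder and friends.
module SensitiveArgConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    source.asExpr() instanceof SensitiveExpr
  }

  predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink }
}

// Global (interprocedural) taint tracking, in contrast to localTaint above.
module SensitiveArgFlow = TaintTracking::Global<SensitiveArgConfig>;

import SensitiveArgFlow::PathGraph

from SensitiveArgFlow::PathNode source, SensitiveArgFlow::PathNode sink
where SensitiveArgFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Sensitive value $@ is passed as a command-line argument.", source.getNode(),
  "here"
```

Because it is a `path-problem` query, the result view shows each hop from the sensitive expression to the process-spawning call, which makes it easy to judge whether a hit is a real secret or a false positive from the name-based heuristic.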
Hi Marcono, Thanks much for your quick help and assistance and the explanation. Much grateful for your help and the tips -Vignesh
No problem, but if you are using this code for your own query
This also has the advantage that in case you or someone else wants to get more information about this again in the future, they can revisit my comment above. No worries though, you can do with your code whatever you want to do regarding licensing; I won't raise any claims there or similar. It is just that writing that answer above also took me some time, so it would have been nice if that was recognized.
Rearranged my folder structure a little bit. Done :). Thanks
Hi Marcono,
I stumbled on your Java CodeQL query packs and I found them very useful. I myself am a newbie and am trying to learn CodeQL to develop custom queries for my use cases. I don't see that we have a standard query pack which covers CWE#214 (Invoking a process with sensitive command line argument). I have attached a simple Java program on which I am trying to match the value of the argument "command" which is passed to runtime.exec() and which contains a sensitive command line parameter.
Could you please assist me here if you have some time to spare?
Thanks
Vigneshwaran M
sample.txt