
Merge branch 'master' into melbourne

Conflicts:
	lib/scanny/checks/shell_expansion_check.rb
2 parents be61b7d + 5deafd6 commit cc82147b7aa6723de197ae6257504cc7f9001a88 @dmajda dmajda committed Jul 28, 2011
Showing with 3 additions and 3 deletions.
  1. +3 −3 lib/scanny/checks/shell_expansion_check.rb
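--- a/lib/scanny/checks/shell_expansion_check.rb
+++ b/lib/scanny/checks/shell_expansion_check.rb
@@ -12,18 +12,18 @@ def interesting_nodes
 def evaluate_node(node)
 if node.is_a?(Rubinius::AST::ExecuteString) || node.is_a?(Rubinius::AST::DynamicExecuteString)
-add_issue :high, "Backticks and %x{...} pass the executed command through shell exapnsion."
+add_issue :high, "Backticks and %x{...} pass the executed command through shell expansion. (CWE-88,CWE-78)"
 else
 return unless SHELL_EXPANDING_METHODS.include?(node.name)
-# The command goes through shell exapnsion only if it is passed as one
+# The command goes through shell expansion only if it is passed as one
 # argument.
 return unless node.arguments.size == 1
 unless node.receiver.is_a?(Rubinius::AST::Self) ||
 (node.receiver.is_a?(Rubinius::AST::ConstantAccess) && node.receiver.name == :Kernel)
 return
 end
-add_issue :high, "The \"#{node.name}\" method can pass the executed command through shell exapnsion."
+add_issue :high, "The \"#{node.name}\" method can pass the executed command through shell expansion. (CWE-88,CWE-78)"
 end
 end
 end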
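Review bot: The `return unless node.arguments.size == 1` guard, and the comment above it that this commit rewords, leave a false negative: `system(env_hash, "cmd")` and `system("cmd", options_hash)` still hand a single command string to the shell, yet they have more than one argument and are skipped. How hash arguments appear in `node.arguments` is not visible in this hunk, so the check would need to count only the command arguments after setting aside a leading env hash and a trailing options hash. The comment would then read `# The command goes through shell expansion when it is given as a single string; a leading env hash or trailing options hash does not change that.` As a smaller point, the `(CWE-88,CWE-78)` suffix is now repeated in two message literals, and a shared constant would keep them in sync. The class enclosing `evaluate_node` starts outside the hunk.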
