This repository was archived by the owner on Feb 4, 2026. It is now read-only.

Add compliant and noncompliant examples of javascript/code-injection@v1.0 #71

Open
karmakri wants to merge 5 commits into aws-samples:main from karmakri:code_injection


@karmakri
Contributor

Description of changes:

Add compliant and noncompliant examples of javascript/code-injection@v1.0.

const allowedParameters = ['-n', '-c']

// Compliant: validating user-supplied datas before passing them into the shell command.
if ( allowedCommands.indexOf(command) != -1 && allowedParameters.indexOf(parameter) != -1 && !isNaN(lines)) {
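Review bot: In the if condition, !isNaN(lines) does not establish that lines is a plain integer. isNaN coerces its argument to a number first, so an empty string, a whitespace-only string, and strings such as '1e3' or '0x10' all pass the check. Since the comment above says the value is passed into a shell command, validate it against a strict pattern such as /^\d+$/ (or convert it and require Number.isInteger plus an upper bound) before it is used. The two indexOf comparisons would also read more clearly as allowedCommands.includes(command) and allowedParameters.includes(parameter), and the comment should say "data" rather than "datas".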

Could you fix indentation:
if (allowedCommands.indexOf(command) != -1)
Note no trailing space after (
