16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
51 lines
1013 B
Plaintext
51 lines
1013 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
const cp = require('child_process');
|
|
|
|
// A shell will be spawn in these following cases:
|
|
cp.exec(cmd); // Sensitive
|
|
cp.execSync(cmd); // Sensitive
|
|
|
|
cp.spawn(cmd, { shell: true }); // Sensitive
|
|
cp.spawnSync(cmd, { shell: true }); // Sensitive
|
|
cp.execFile(cmd, { shell: true }); // Sensitive
|
|
cp.execFileSync(cmd, { shell: true }); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,javascript]
|
|
----
|
|
const cp = require('child_process');
|
|
|
|
cp.spawnSync("/usr/bin/file.exe", { shell: false }); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 5 Dec 2018, 21:24:54 Alexandre Gigleux wrote:
|
|
https://nodejs.org/api/child_process.html
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|