lib/brakeman/checks/check_execute.rb in brakeman-min-5.2.3 vs lib/brakeman/checks/check_execute.rb in brakeman-min-5.3.0
- old
+ new
@@ -115,11 +115,12 @@
:warning_type => "Command Injection",
:warning_code => :command_injection,
:message => "Possible command injection",
:code => call,
:user_input => failure,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe_id => [77]
end
end
# @return [Boolean] true iff the command given by `first_arg`, `second_arg`
# invokes a new shell process via `<shell_command> -c` (like `bash -c`)
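Review bot: The CWE identifier `[77]` is written as a bare literal on the added `:cwe_id` line here and repeated verbatim in the two later hunks (the `open` warning and the warning following `include_user_input?`), so the three command-injection warnings can silently drift apart; a single frozen constant on the check class, `CWE_COMMAND_INJECTION = [77].freeze`, referenced as `:cwe_id => CWE_COMMAND_INJECTION`, would give the number a name and one place to change it. CWE-77 is the generic command-injection category, while CWE-78 covers OS command injection specifically; since these warnings concern shell execution, it is worth confirming that 77 is the intended mapping rather than 78. The `warn` call's receiver and the start of each enclosing method lie outside these hunks, so where the constant is best defined cannot be seen here.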
@@ -136,11 +137,12 @@
warn :result => result,
:warning_type => "Command Injection",
:warning_code => :command_injection,
:message => msg("Possible command injection in ", msg_code("open")),
:user_input => match,
- :confidence => :high
+ :confidence => :high,
+ :cwe_id => [77]
end
end
end
def include_user_input? exp
@@ -199,10 +201,11 @@
:warning_type => "Command Injection",
:warning_code => :command_injection,
:message => "Possible command injection",
:code => exp,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe_id => [77]
end
# This method expects a :dstr or :evstr node
def dangerous? exp
exp.each_sexp do |e|