

✨ (CodeQL) Fixed finding: "Uncontrolled command line"
pixeebot[bot] authored Jan 9, 2025
1 parent 0f03acb commit 19f66dd
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions introduction/mitre.py
Expand Up @@ -230,18 +230,18 @@ def mitre_lab_17(request):
return render(request, 'mitre/mitre_lab_17.html')

def command_out(command):
process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
process = subprocess.Popen(command, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

Check failure

Code scanning / CodeQL

Uncontrolled command line Critical

This command line depends on a
user-provided value
.
return process.communicate()


@csrf_exempt
def mitre_lab_17_api(request):
if request.method == "POST":
ip = request.POST.get('ip')
command = "nmap " + ip
command = ["nmap", ip]
res, err = command_out(command)
res = res.decode()
err = err.decode()
pattern = "STATE SERVICE.*\\n\\n"
ports = re.findall(pattern, res,re.DOTALL)[0][14:-2].split('\n')
return JsonResponse({'raw_res': str(res), 'raw_err': str(err), 'ports': ports})
return JsonResponse({'raw_res': str(res), 'raw_err': str(err), 'ports': ports})
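Review bot: The value read from `request.POST.get('ip')` still reaches the `["nmap", ip]` list unvalidated, so switching to `shell=False` removes shell metacharacter interpretation but not the argument-injection path — nmap parses any value starting with `-` as an option, and a missing field gives `None`, which makes `subprocess.Popen` raise `TypeError`. That is presumably why the CodeQL "Uncontrolled command line" finding quoted above is still reported as a failure on the new line. I would validate the input with the standard-library `ipaddress` module before building the command and reject anything that is not a literal address (add `import ipaddress` at the top of introduction/mitre.py); as a secondary point, `re.findall(pattern, res, re.DOTALL)[0]` raises `IndexError` when nmap prints no port table, so that lookup should also be guarded.
```python
        ip = request.POST.get('ip')
        # Accept only a literal IPv4/IPv6 address: anything else (including
        # a None or option-like string) is rejected before it reaches nmap.
        try:
            ipaddress.ip_address(ip)
        except (ValueError, TypeError):
            return JsonResponse({'raw_res': '', 'raw_err': 'invalid ip', 'ports': []}, status=400)
        command = ["nmap", ip]
        # … unchanged: command_out call, decode and port parsing …
```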

0 comments on commit 19f66dd
