chore: adding some bad code that triggers semgrep
Signed-off-by: chaosinthecrd <[email protected]>
ChaosInTheCRD committed Jan 21, 2025
1 parent 5348010 commit e0aadf9
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions main.go
Expand Up @@ -2,6 +2,8 @@ package main

import (
"github.com/common-nighthawk/go-figure"
"os"
"syscall"
)

func Hello() string {
Expand All @@ -11,4 +13,16 @@ func Hello() string {
func main() {
myFigure := figure.NewFigure(Hello(), "usaflag", true)
myFigure.Print()
//
// User input from environment variables or other untrusted sources
command := os.Getenv("USER_COMMAND") // Example of untrusted user input
if command == "" {
command = "/bin/bash" // Default fallback
}

// Potentially dangerous syscall.Exec with non-static input
err := syscall.Exec(command, []string{command, "-c", "ls -la"}, os.Environ())
if err != nil {
panic(err)
}
}
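Review bot: In `main`, the path handed to `syscall.Exec` comes straight from the `USER_COMMAND` environment variable, so whoever controls the process environment chooses the binary that replaces this process, and `os.Environ()` forwards the full environment to it. The commit title suggests this is a deliberate scanner fixture; if so, say that in the code with a comment such as `// Intentionally insecure: fixture for the semgrep rule, do not ship` and keep it out of any released build. If the behaviour is meant to stay, drop the override and exec a fixed path, `const shell = "/bin/bash"` then `err := syscall.Exec(shell, []string{shell, "-c", "ls -la"}, os.Environ())`, or check `command` against a short allowlist of absolute paths before the call. The bare `//` line above the first comment can go.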
