mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
18 lines
445 B
Go
18 lines
445 B
Go
// Command injection — negative fixture.
|
|
// Safe: passes host as a separate arg to exec.Command (no shell invoked).
|
|
// Entry: RunPing(host string) Cap: CODE_EXEC
|
|
// Expected verdict: NotConfirmed
|
|
|
|
package entry
|
|
|
|
import (
|
|
"fmt"
|
|
"os/exec"
|
|
)
|
|
|
|
func RunPing(host string) {
|
|
// exec.Command does not invoke a shell; host is a literal argument.
|
|
cmd := exec.Command("echo", "hello", host)
|
|
out, _ := cmd.CombinedOutput()
|
|
fmt.Print(string(out))
|
|
}
|