mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
22 lines
609 B
Python
22 lines
609 B
Python
"""Command injection — negative fixture.
|
|
|
|
Safe function: uses subprocess list form (no shell=True), preventing injection.
|
|
Expected verdict: NotConfirmed.
|
|
"""
|
|
import subprocess
|
|
|
|
|
|
def run_ping(host):
|
|
"""Safe: list-form subprocess, no shell expansion."""
|
|
# Sanitize: only allow alphanumeric and dots
|
|
safe_host = "".join(c for c in host if c.isalnum() or c == ".")
|
|
if not safe_host:
|
|
print("Invalid host")
|
|
return
|
|
result = subprocess.run(
|
|
["ping", "-c", "1", safe_host],
|
|
capture_output=True,
|
|
text=True,
|
|
timeout=5,
|
|
)
|
|
print(result.stdout)
|