add test vulnerable file just to validate the install of semgrep in repo

zeta-chain · Sep 25, 2024 · f56b3ab · f56b3ab
1 parent 3e0b307
commit f56b3ab
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/cmd/test-semgrep.go b/cmd/test-semgrep.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+)
+
+func main() {
+	// Another example of untrusted input
+	input := "ping -c 8 google.com; echo hacked"
+
+	ctx := context.Background()
+
+	// Vulnerable: input is directly concatenated into the command
+	command := fmt.Sprintf("sh -c %s", input)
+	cmd := exec.CommandContext(ctx, command)
+
+	// Execute and print the output
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		fmt.Println("Error:", err)
+	}
+	fmt.Println("Output:", string(output))
+}
+