dotnet / vscode-csharp

Official C# support for Visual Studio Code
MIT License

Command Injection issue in processPicker.ts #6414

Open ariana02880 opened 11 months ago

ariana02880 commented 11 months ago

Environment data

I used Fortify_SCA 22.2.2 to scan vscode-csharp 1.23.11

Scan results

Sink Location: src/features/processPicker.ts:504

Code Snippet:

```ts
// Execute the process with proper command and arguments
execFile(command, args, { cwd: workingDirectory, maxBuffer: 500 * 1024 }, (error: Error | null, stdout: string, stderr: string) => {
    if (error) {
        reject(error);
```

gregg-miskelly commented 11 months ago

@ariana02880 Can you explain what the concern is? I am guessing the code that you are referencing is here: processPicker.ts#L654.
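
How Node's two `child_process` call styles treat the same input, which is the distinction to check first when triaging a command-injection finding on an `execFile` sink. This is an added example, not code from the issue or from vscode-csharp; the input string, function names and child script are constructed, and a POSIX `/bin/sh` is assumed.

```javascript
// Added example; not code from vscode-csharp. All names and inputs are constructed.
const { execFileSync, execSync } = require("node:child_process");

// Child program: the current Node binary, printing its first argument as JSON
// so that argument boundaries are visible in the output.
const NODE = process.execPath;
const PRINT_ARG = "console.log(JSON.stringify(process.argv[1]))";

// Constructed input containing a shell command separator.
const UNTRUSTED = "1234; echo INJECTED";

// Shell-based call: the input is spliced into a command line that /bin/sh
// parses, so ';' ends the first command and starts a second one.
function runThroughShell(input) {
  const cmdline = `${JSON.stringify(NODE)} -e '${PRINT_ARG}' ${input}`;
  return execSync(cmdline, { encoding: "utf8" }).trim().split("\n");
}

// execFile-style call: no shell is started and each array element becomes
// exactly one argv entry, so ';' is ordinary data inside a single argument.
// (Passing { shell: true } to execFile would put it back in the first category.)
function runWithArgv(input) {
  return execFileSync(NODE, ["-e", PRINT_ARG, input], { encoding: "utf8" })
    .trim()
    .split("\n");
}

console.log("via shell :", runThroughShell(UNTRUSTED));
console.log("via argv  :", runWithArgv(UNTRUSTED));
```

With an argument array and no shell, what remains to review is where `command` itself comes from and how the target program interprets its arguments.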