Skip to content
This repository has been archived by the owner on Feb 27, 2024. It is now read-only.

[BUG] Curl Bash rule misses some forms of use #33

Open
loredous opened this issue Jun 7, 2023 · 0 comments
Open

[BUG] Curl Bash rule misses some forms of use #33

loredous opened this issue Jun 7, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@loredous
Copy link
Contributor

loredous commented Jun 7, 2023

Describe the bug
In testing the curl bash rule, it was found that it does not catch the following:

curl -sSf https://build.travis-ci.org/files/rustup-init.sh | sh -s -- --default-toolchain=$TRAVIS_RUST_VERSION -y

To Reproduce
Steps to reproduce the behavior:

  1. submit the above string to the service
  2. Note that the results only include the dependency, but not a finding for the curl bash

Expected behavior
It should also note that this line is doing an un-verified curl bash
@loredous loredous added the bug Something isn't working label Jun 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@loredous