Rasmus Wriedt Larsen RasmusWL

@RasmusWL
RasmusWL / TestTaint.expected
Created April 8, 2020 12:01
What I want from `codeql test`
| test.py:14 | ✓ | test_basic | s | <NO TAINT> |
| test.py:16 | ✓ | test_basic | s | externally controlled string |
| test.py:19 | ✓ | test_basic | s | externally controlled string |
| test.py:21 | ✓ | test_basic | s | <NO TAINT> |
| test.py:29 | ✓ | test_or | s | externally controlled string |
| test.py:31 | ✓ | test_or | s | externally controlled string |
| test.py:35 | ✓ | test_or | s | externally controlled string |
| test.py:37 | ✓ | test_or | s | externally controlled string |
| test.py:41 | ✓ | test_or | s | externally controlled string |
| test.py:43 | ✓ | test_or | s | externally controlled string |
@RasmusWL
RasmusWL / execute-queries-20200330.105407.841.log
Last active March 30, 2020 09:07
saltstack/salt log from running ReflectedXss.ql for https://github.com/Semmle/ql/pull/3132
This file has been truncated, but you can view the full file.
[2020-03-30 10:54:07] This is codeql execute queries -J-Xmx1997M --off-heap-ram=1997 --verbosity=progress --logdir=/home/rasmus/code/ql/python/ql/logs/salt --tuple-counting --ml-model-path= --native-library-path= --warnings=show -- /home/rasmus/Downloads/saltstack_salt_5c450f3/db-python /home/rasmus/code/ql/python/ql/src/Security/CWE-079/ReflectedXss.ql
[2020-03-30 10:54:07] Creating executor with 1 threads.
[2020-03-30 10:54:08] Calling plumbing command: codeql resolve library-path --query=/home/rasmus/code/ql/python/ql/src/Security/CWE-079/ReflectedXss.ql --format=json
[2020-03-30 10:54:08] [DETAILS] resolve library-path> Resolving query at normalized path /home/rasmus/code/ql/python/ql/src/Security/CWE-079/ReflectedXss.ql.
[2020-03-30 10:54:08] [DETAILS] resolve library-path> Found enclosing pack 'codeql-python' at /home/rasmus/code/ql/python/ql/src.
[2020-03-30 10:54:08] [DETAILS] resolve library-path> Adding compilation cache at /home/rasmus/code/ql/python/ql/src/.cache.
[2020-03-30 10:54:08] [DETAILS] r
@RasmusWL
RasmusWL / pyenv shell system
Created March 18, 2020 12:40
`pyenv shell system` fails when python2 is not installed system-wide
+ [pyenv:22] enable -f /home/rasmus/.pyenv/bin/../libexec/pyenv-realpath.dylib realpath
+ [pyenv:29] '[' -z '' ']'
++ [pyenv:31] head -1
++ [pyenv:31] type -p greadlink readlink
+ [pyenv:31] READLINK=/bin/readlink
+ [pyenv:32] '[' -n /bin/readlink ']'
+ [pyenv:57] '[' -z /home/rasmus/.pyenv ']'
+ [pyenv:60] PYENV_ROOT=/home/rasmus/.pyenv
+ [pyenv:62] export PYENV_ROOT
+ [pyenv:65] '[' -z '' ']'
@RasmusWL
RasmusWL / output
Created March 22, 2018 10:03
envconsul hangs forever when it can't fetch from vault
$ envconsul -log-level=debug -config config.hcl /bin/true
2018/03/22 09:52:16.591266 [INFO] envconsul v0.7.3 (daa2947)
2018/03/22 09:52:16.591369 [INFO] (runner) creating new runner (once: false)
2018/03/22 09:52:16.592011 [DEBUG] (runner) final config: {"Consul":{"Address":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":5,"TLSHandshakeTimeout":10000000000}},"Exec":{"Command":"/bin/true","Enabled":true,"Env":{"Blacklist":[],"Custom":[],"Pristine":false,"Whitelist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"debug","MaxStale":2000000000,"PidFile":"","Prefixes":[],"Pristine":false,"Re
@RasmusWL
RasmusWL / keybase.md
Last active August 29, 2015 14:06
keybase proof

Keybase proof

I hereby claim:

  • I am rasmuswl on github.
  • I am rasmuswl (https://keybase.io/rasmuswl) on keybase.
  • I have a public key whose fingerprint is 678F 259F 6B2E 512A D770 F5DE 15C8 5540 68DE A63A

To claim this, I am signing this object:

@RasmusWL
RasmusWL / NULLterminationexample.c
Last active December 16, 2015 19:19
A small c program illustrating why one should always null terminate a string in C.
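#include <stdio.h>
#include <string.h>

int main(int argc, const char *argv[])
{
    const char somechars[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    char tmp[16];
    char secret[] = "some secret I want to keep hidden";

    /* somechars is longer than tmp, so strncpy fills all 16 bytes of tmp
     * and writes no terminating '\0': tmp is not a valid C string here. */
    strncpy(tmp, somechars, sizeof(tmp));

    return 0;
}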