alpine 3.6
shell weakness #91

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

cppcheck/src/cppcheck-1.78/gui/translationhandler.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

                              "languages.").arg(error));
        QMessageBox msgBox(QMessageBox::Warning,
                           tr("Cppcheck"),
                           msg,
                           QMessageBox::Ok);
        msgBox.exec();
        return false;
    }

    qApp->installTranslator(mTranslator);

    mCurrentLanguage = code;

    return true;
}

QString TranslationHandler::GetCurrentLanguage() const
{
    return mCurrentLanguage;
}

QString TranslationHandler::SuggestLanguage() const
{
    //Get language from system locale's name ie sv_SE or zh_CN
    QString language = QLocale::system().name();
    //qDebug()<<"Your language is"<<language;

    //And see if we can find it from our list of language files
    int index = GetLanguageIndexByCode(language);

    //If nothing found, return English
    if (index < 0) {
        return "en";
    }

    return language;
}

void TranslationHandler::AddTranslation(const char *name, const char *filename)
{
    TranslationInfo info;
    info.mName = name;
    info.mFilename = filename;
    int codeLength = QString(filename).length() - QString(filename).indexOf('_') - 1;
    info.mCode = QString(filename).right(codeLength);
    mTranslations.append(info);
}

int TranslationHandler::GetLanguageIndexByCode(const QString &code) const
{ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.