lib/sobelow/ci.ex

defmodule Sobelow.CI do
  @moduledoc """
  # Command Injection

  Command Injection vulnerabilities are a result of
  passing untrusted input to an operating system shell,
  and may result in complete system compromise.

  Read more about Command Injection here:
  https://www.owasp.org/index.php/Command_Injection

  If you wish to learn more about the specific vulnerabilities
  found within the Command Injection category, you may run the
  following commands to find out more:

        $ mix sobelow -d CI.OS
        $ mix sobelow -d CI.System

  Command Injection checks of all types can be ignored with the
  following command:

      $ mix sobelow -i CI
  """
  # Checker modules that make up the Command Injection (CI) category.
  # Declared before `use Sobelow.FindingType`, as in the original ordering.
  @submodules [Sobelow.CI.System, Sobelow.CI.OS]
  use Sobelow.FindingType

  @doc """
  Runs every Command Injection checker that has not been excluded.

  A checker is excluded when it is listed by `Sobelow.get_ignored/0` or in
  `skip_mods`. Each remaining module has its `run/2` called with `fun` and
  `meta_file`; the third argument (the web root) is not used by this category.

  Returns `:ok`.
  """
  def get_vulns(fun, meta_file, _web_root, skip_mods \\ []) do
    excluded = Sobelow.get_ignored() ++ skip_mods

    # @submodules holds distinct modules, so rejecting excluded entries
    # yields the same list, in the same order, as list subtraction.
    @submodules
    |> Enum.reject(&(&1 in excluded))
    |> Enum.each(&(&1.run(fun, meta_file)))
  end

  @doc """
  Returns this module's `@moduledoc` text, i.e. the description of the
  Command Injection category.
  """
  def details, do: @moduledoc
end