Tainted flow: 'WECHAT_EXE' from os.environ.get (line 27, credential/environment) → subprocess.Popen (code execution)
Medium
- Category
- Data Flow
- Content
# launch fresh subprocess.Popen([WECHAT_EXE]) print("LAUNCHED", WECHAT_EXE) time.sleep(3)- Confidence
- 95% confidence
- Finding
- subprocess.Popen([WECHAT_EXE])
