rspec/rules/S4829/description.adoc

Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2337[CVE-2005-2337]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11449[CVE-2017-11449]

It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin) can be dangerous and should be validated.


This rule flags code that reads from the standard input.
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:`

			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2337[CVE-2005-2337]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11449[CVE-2017-11449]`

			`It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin) can be dangerous and should be validated.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`This rule flags code that reads from the standard input.`