rspec/rules/S4823/description.adoc

Using command line arguments is security-sensitive. It has led in the past to the following vulnerabilities:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7281[CVE-2018-7281]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12326[CVE-2018-12326]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3198[CVE-2011-3198]

Command line arguments can be dangerous just like any other user input. They should never be used without being first validated and sanitized.

Remember also that any user can retrieve the list of processes running on a system, which makes the arguments provided to them visible. Thus passing sensitive information via command line arguments should be considered as insecure.

This rule raises an issue when on every program entry points (<code>main</code> methods) when command line arguments are used. The goal is to guide security code reviews.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`Using command line arguments is security-sensitive. It has led in the past to the following vulnerabilities:`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7281[CVE-2018-7281]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12326[CVE-2018-12326]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3198[CVE-2011-3198]`

			`Command line arguments can be dangerous just like any other user input. They should never be used without being first validated and sanitized.`

			`Remember also that any user can retrieve the list of processes running on a system, which makes the arguments provided to them visible. Thus passing sensitive information via command line arguments should be considered as insecure.`

			`This rule raises an issue when on every program entry points (<code>main</code> methods) when command line arguments are used. The goal is to guide security code reviews.`