rspec/rules/S5334/description.adoc

Applications that execute code dynamically should neutralize any externally-provided values used to construct the code. Failure to do so could allow an attacker to execute arbitrary code. This could enable a wide range of serious attacks like accessing/modifying sensitive information or gain full system access.


The mitigation strategy should be based on whitelisting of allowed values or casting to safe types.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`Applications that execute code dynamically should neutralize any externally-provided values used to construct the code. Failure to do so could allow an attacker to execute arbitrary code. This could enable a wide range of serious attacks like accessing/modifying sensitive information or gain full system access.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`The mitigation strategy should be based on whitelisting of allowed values or casting to safe types.`