ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6350/see.adoc

8 lines
521 B
Plaintext
Raw Normal View History

Create rule S6350: Constructing arguments of system commands from user input is security-sensitive (#260) * Create rule S6350 * Update description * Add code samples * Make stdin more verbose * Make stdin more verbose * Update recommended * Improve description * Extend ask yourself * Add compliant solutions and rename tainted variables * Add input var * Add link to blog post * Use find as example * Update csharp example * Add OWASP Top 10 2021 mapping * add missing message * fix metadata * Use type-safe in_array for PHP Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
2021-11-09 15:01:30 +01:00
== See
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection
* http://cwe.mitre.org/data/definitions/88[MITRE, CWE-88] - Argument Injection or Modification
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer
Reference in New Issue Copy Permalink