include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,python]
----
import os

@app.route("/kill-pid/")
def send_signal(pid):
    os.kill(pid, 9)  # Sensitive

@app.route("/kill-pgid/")
def send_signal(pgid):
    os.killpg(pgid, 9)  # Sensitive
----

== Compliant Solution

[source,python]
----
import os

@app.route("/kill-pid/")
def send_signal(pid):
    # Validate the untrusted PID
    # with a pre-approved list or authorization checks
    if is_valid_pid(pid):
        os.kill(pid, 9)

@app.route("/kill-pgid/")
def send_signal(pgid):
    # Validate the untrusted PGID
    # with a pre-approved list or authorization checks
    if is_valid_pgid(pgid):
        os.killpg(pgid, 9)
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]