rspec/rules/S6350/message.adoc
github-actions[bot] 76520001a7
Create rule S6350: Constructing arguments of system commands from user input is security-sensitive (#260)
* Create rule S6350

* Update description

* Add code samples

* Make stdin more verbose

* Make stdin more verbose

* Update recommended

* Improve description

* Extend ask yourself

* Add compliant solutions and rename tainted variables

* Add input var

* Add link to blog post

* Use find as example

* Update csharp example

* Add OWASP Top 10 2021 mapping

* add missing message

* fix metadata

* Use type-safe in_array for PHP

Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
2021-11-09 15:01:30 +01:00


=== Message
Make sure that this user-controlled command argument doesn't lead to unwanted behavior.