rspec/rules/S4036/description.adoc
2021-01-27 13:42:22 +01:00

When you execute an OS command without specifying the full path to the executable, the locations in your application's ``++PATH++`` environment variable are searched for the executable. That search could leave an opening for an attacker if one of the elements in ``++PATH++`` is a directory under the attacker's control.
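
The following check is an added example, not part of the rule's own text or code: it audits a ``++PATH++`` value for elements that someone other than a trusted account could control, and resolves a command against a fixed directory list instead of the inherited ``++PATH++``. The function names, the reason strings and the default trusted directories are assumptions made for illustration, and the permission checks assume a POSIX system.

```python
import os
import shutil
import stat


def risky_path_entries(path_value, trusted_uids=(0,)):
    """Return (entry, reason) pairs for PATH elements that another user could control."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            # An empty element means "search the current working directory".
            findings.append((entry, "current working directory"))
        elif not os.path.isabs(entry):
            # Resolved against whatever directory the process happens to run in.
            findings.append((entry, "relative directory"))
        elif not os.path.isdir(entry):
            # Whoever can write to the parent can create it later.
            findings.append((entry, "missing directory"))
        else:
            st = os.stat(entry)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((entry, "group- or world-writable"))
            elif st.st_uid not in trusted_uids:
                findings.append((entry, "owned by untrusted uid"))
    return findings


def resolve_trusted(command, trusted_dirs=("/usr/bin", "/bin")):
    """Resolve a command to a full path using only a fixed directory list.

    Returns None when the command is not found there, so the caller can fail
    closed instead of falling back to the inherited PATH.
    """
    return shutil.which(command, path=os.pathsep.join(trusted_dirs))


if __name__ == "__main__":
    # Audit the PATH this process inherited, trusting root and the current user.
    for entry, reason in risky_path_entries(
        os.environ.get("PATH", ""), trusted_uids=(0, os.getuid())
    ):
        print(f"{entry!r}: {reason}")
    # Pass the resolved full path to the process-launching API, not the bare name.
    print(resolve_trusted("ls"))
```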