14 lines
889 B
Plaintext
14 lines
889 B
Plaintext
Using command line arguments is security-sensitive. It has led in the past to the following vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7281[CVE-2018-7281]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12326[CVE-2018-12326]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3198[CVE-2011-3198]
|
|
|
|
Command line arguments can be dangerous just like any other user input. They should never be used without being first validated and sanitized.
|
|
|
|
|
|
Remember also that any user can retrieve the list of processes running on a system, which makes the arguments provided to them visible. Thus passing sensitive information via command line arguments should be considered as insecure.
|
|
|
|
|
|
This rule raises an issue when on every program entry points (``++main++`` methods) when command line arguments are used. The goal is to guide security code reviews.
|