rspec/rules/S5883/description.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00

Applications that execute operating system commands built from user-controlled data must control the arguments passed to the command; otherwise an attacker can inject additional, arbitrary arguments (for example an option starting with `-`) that change the behavior of the command.
Command arguments built from user-controlled data should be validated or sanitized so that argument delimiters (e.g. `'`, space, `-`) are escaped or rejected, which prevents argument injection attacks.
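The following is an added illustration of the rule, not code from the rule repository or from any project it targets. It assumes a hypothetical handler that lists details of a file whose name comes from a request (`ls -l <file>`), and shows the vulnerable shell-string form next to two hardened forms: quoting with `--` when a shell is unavoidable, and an allow-list validator for the argv form. The allow-list pattern and helper names are assumptions for the example.

```python
import re
import shlex
import subprocess

# Added example; not code from the rule's own repository.
# Scenario (assumed): a handler lists details of a file whose name comes
# from user input. Function names and the allow-list are hypothetical.


def build_shell_command_unsafe(filename: str) -> str:
    """Vulnerable: user data is spliced into a shell command line.

    A space in the value lets the attacker add further arguments, and a
    value starting with '-' is parsed by ls as an option."""
    return f"ls -l {filename}"


def build_shell_command_safe(filename: str) -> str:
    """Hardened shell form.

    shlex.quote() escapes whitespace and quote characters so the value stays
    a single argument, and '--' tells ls that what follows is an operand even
    if it begins with '-'."""
    return f"ls -l -- {shlex.quote(filename)}"


# Even with no shell involved, an argv element beginning with '-' is still
# interpreted as an option by the program itself. Validation is therefore
# the primary control: allow only what a file name legitimately needs and
# reject option-like values. This pattern is an assumption for the example.
_ALLOWED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def validate_argument(value: str) -> str:
    """Return the value unchanged, or raise ValueError for anything that
    could act as an option or an argument delimiter."""
    if not value or value.startswith("-") or not _ALLOWED.fullmatch(value):
        raise ValueError(f"rejected command argument: {value!r}")
    return value


def build_argv(filename: str) -> list[str]:
    """Argv form (no shell). '--' is kept as defence in depth in case the
    validator is loosened later; not every program honors '--', so it is
    not a substitute for validation."""
    return ["ls", "-l", "--", validate_argument(filename)]


def run_listing(filename: str) -> int:
    """Execute the hardened argv and return the exit status. Not exercised
    by the checks because it depends on the host having 'ls'."""
    return subprocess.run(build_argv(filename), check=False).returncode


def tokens(command_line: str) -> list[str]:
    """Split a command string the way /bin/sh would (POSIX rules), to show
    which argv the program actually receives."""
    return shlex.split(command_line)


if __name__ == "__main__":
    hostile = "/tmp -a"  # constructed hostile input: the space injects '-a'
    print(tokens(build_shell_command_unsafe(hostile)))  # ['ls', '-l', '/tmp', '-a']
    print(tokens(build_shell_command_safe(hostile)))    # ['ls', '-l', '--', '/tmp -a']
    try:
        build_argv("-a")
    except ValueError as err:
        print(err)
```

Running the block shows that the unsafe string hands `ls` an extra `-a` option, while the quoted form delivers the whole value as one operand after `--`. The validator rejects `-a` outright, which is the behavior to prefer for the argv form: quoting protects against the shell, but only the called program decides what a leading `-` means.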