rspec/rules/S5334/description.adoc

Applications that execute code dynamically should neutralize any externally-provided values used to construct the code. Failure to do so could allow an attacker to execute arbitrary code. This could enable a wide range of serious attacks like accessing/modifying sensitive information or gain full system access.


The mitigation strategy should be based on whitelisting of allowed values or casting to safe types.
	`Applications that execute code dynamically should neutralize any externally-provided values used to construct the code. Failure to do so could allow an attacker to execute arbitrary code. This could enable a wide range of serious attacks like accessing/modifying sensitive information or gain full system access.`


	`The mitigation strategy should be based on whitelisting of allowed values or casting to safe types.`