rspec/ask-yourself.adoc at fb901b8bbd7a149439e719970a8c61d6a08af567 - rspec - BuBaQ

ishangsf/rspec

github-actions[bot] 76520001a7

Create rule S6350: Constructing arguments of system commands from user input is security-sensitive (#260 )

* Create rule S6350

* Update description

* Add code samples

* Make stdin more verbose

* Make stdin more verbose

* Update recommended

* Improve description

* Extend ask yourself

* Add compliant solutions and rename tainted variables

* Add input var

* Add link to blog post

* Use find as example

* Update csharp example

* Add OWASP Top 10 2021 mapping

* add missing message

* fix metadata

* Use type-safe in_array for PHP

Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>

2021-11-09 15:01:30 +01:00

7 lines

228 B

Plaintext

Raw Blame History

 == Ask Yourself Whether
 * Malicious arguments can result in undesired behavior in the executed command.
 * Passing user input to a system command is not necessary.
 There is a risk if you answered yes to any of those questions.