Why this matters
Passing user input directly into system commands can lead to command injection vulnerabilities. Always sanitize inputs before execution.
Side-by-side examples engineers can pattern-match during review.
Noncompliant code example:

using System.Diagnostics;

Process p = new Process();
p.StartInfo.FileName = "/usr/bin/find";
p.StartInfo.ArgumentList.Add(input); // Sensitive: unvalidated user input becomes a command-line argument

Compliant solution:

using System.Diagnostics;

Process p = new Process();
p.StartInfo.FileName = "/usr/bin/find";
if (allowed.Contains(input)) { // only values on an explicit allow-list reach the command line
    p.StartInfo.ArgumentList.Add(input);
}
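An added example, not code from the rule page itself, showing the compliant allow-list pattern as a complete program a reviewer can run: the caller gets a ProcessStartInfo only when the untrusted value is exactly one of the permitted search roots. The directory names, the `AllowedRoots` set and the `TryBuildFindProcess` method are assumptions made for this example.

```csharp
// Added example (not from the original rule page): build the `find` invocation
// only from values that pass an explicit allow-list. `AllowedRoots` and
// `TryBuildFindProcess` are names chosen for this example.
using System;
using System.Collections.Generic;
using System.Diagnostics;

static class SafeFind
{
    // Constructed allow-list: the only directories this feature is meant to search.
    static readonly HashSet<string> AllowedRoots = new HashSet<string>(StringComparer.Ordinal)
    {
        "/var/app/uploads",
        "/var/app/exports",
    };

    // Returns a ProcessStartInfo when `input` is exactly one allow-listed root,
    // otherwise null so the caller refuses the request instead of running anything.
    public static ProcessStartInfo? TryBuildFindProcess(string? input)
    {
        if (input is null || !AllowedRoots.Contains(input))
        {
            return null; // unknown value: it never reaches the command line
        }

        var psi = new ProcessStartInfo
        {
            FileName = "/usr/bin/find",
            UseShellExecute = false,   // no shell in between, so no shell parsing of the arguments
            RedirectStandardOutput = true,
        };
        psi.ArgumentList.Add(input);   // the exact allow-listed value, as a single argv entry
        psi.ArgumentList.Add("-maxdepth");
        psi.ArgumentList.Add("1");
        return psi;
    }

    static int Main(string[] args)
    {
        // Constructed input: in a real service this would come from the request.
        string input = args.Length > 0 ? args[0] : "/var/app/uploads";

        ProcessStartInfo? psi = TryBuildFindProcess(input);
        if (psi is null)
        {
            Console.Error.WriteLine($"Rejected: '{input}' is not an allowed search root.");
            return 1;
        }

        using Process p = Process.Start(psi)!;
        Console.Write(p.StandardOutput.ReadToEnd());
        p.WaitForExit();
        return p.ExitCode;
    }
}
```

The check compares the whole value, not a prefix or a blocked-character list, so a string that merely starts with an allowed directory, contains extra path segments, or begins with a dash (which find would read as an option rather than a path) is rejected before any process is created. During review, look for the `Contains` check sitting directly between the untrusted value and the `ArgumentList.Add` call, as in the compliant snippet above.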