Questions tagged [commandinjection]

15 questions
1 vote, 0 answers

How to prevent command injection vulnerability in bash user input?

I would assume that wrapping user input in 'single quotes' or "double quotes" would make input be interpreted literally. I believe that ' single quotes ' do not allow escape characters and would be the better choice. Basically I have read some…

luma09

1 vote, 1 answer

Can Convert.ToBase64String(Encoding.UTF8.GetBytes(input)) prevent Command Injection?

In my experience, we can use replace() filtering && and | to prevent command injection. Our code needs to send base64String to another process, but there is Stored Command Injection scanned by checkmarx, can…

Billy Chung

1 vote, 0 answers

Is my code vulnerable to Command Injection?

I am creating a CMS but I do not know how to write the code to get saved from Command Injection. Let me know if there is a RCE vulnerability in my code. case 'clearcache': global $selected_language; $url= $_REQUEST['url']; $type =…

X-HAT

1 vote, 0 answers

Getting command Injection in Lodash

Recently, I am facing the below vulnerability on my security scan. Security scan results. Explanation: The `lodash` package is vulnerable to Command Injection. The `template` function in the `lodash.js` and `template.js` files does not properly ensure…

0 votes, 0 answers

Why is this Java program vulnerable to command injection

The Java program is: import java.util.*; import java.io.*; public class test{ public static void main(String[] args){ try{ Process proc = (new ProcessBuilder("cmd.exe", "/c", "dir", args[0])).start(); …

useprxf

0 votes, 0 answers

Javascript Command_Injection Vulnerability

I have the below code in my js file; Checkmarx flagged a command injection vulnerability at execSync('scripts/beautify_yaml.sh '+ yamlPath).toString(); function beautifyYaml(yamlPath) { return execSync('scripts/beautify_yaml.sh '+…

0 votes, 0 answers

escape suffix validation URL - Node JS Express application

I'm currently working with an Express app and would like to know whether I would be able to escape the following suffix validation: ---SNIP--- const validsuffixes = ['sub2.sub1.maindomain.io']; ... ---SNIP--- ----SNIP---- pathRewrite: { …

0 votes, 1 answer

Command Injection In Java

I am new to Java, a self-learner. I came across the following issue and was stuck. In fact I am trying to sanitize this code against command injection but failed to understand how. I know how to sanitize user input but this specific has to do with…

0 votes, 1 answer

Checking this awk print is not vulnerable to code injection

There are awk (BusyBox v1.26.2 awk) statements to parse /proc/cmdline before passing an IP address to a program. And I can't change them. /bin/t `awk 'BEGIN{FS="ip="}{print $2}' /proc/cmdline | awk 'BEGIN{FS=":"}{print $2}'` So that the…

Tis Me

0 votes, 1 answer

How to fix command injection issue on Checkmarx for parse_args

I have python code that parses input parameters: parser=OptionParser() parser.add_option("-o", dest="out", default=os.getenv('Path',None), help="file path") parser.add_option("-c", dest="content", default=os.path.abspath(sys.path[0]), help="cont…

0 votes, 1 answer

Ruby prevent command injection with open3

In one of the projects I am working with, we were using the backtick approach to run system commands. resp = `7z x #{zip_file_path} -p#{password} -o#{output_path}` which works fine. But since it might lead to command injection vulnerability we are…

Aparichith

0 votes, 0 answers

Fortify Command Injection Issue in C#

The method StartProcess() in WindowsApiManager.cs calls set_Arguments() to execute a command. This call might allow an attacker to inject malicious commands. Getting the above issue while I am trying to pass file name and arguments to the start…

user1508503

0 votes, 0 answers

How to fix the "Command Injection" issue by Checkmarx for python code "args=parser.parse_args()"?

I have Python code which parses the input parameters like the following: parser = argparse.ArgumentParser(description='Information injection in file.') # , usage=usage()) requiredNamed =…

boxu

0 votes, 1 answer

How well does Checkmarx understand PHP and libraries?

Sorry for the very broad question but we have some problems, e.g. Checkmarx is complaining about code injection in something like the following $accesskey = $_GET['accesskey'] ?? $argv[1] ?? null; if (!$accesskey || !ctype_alnum($accesskey)) { …

herndlm

0 votes, 1 answer

OS Command Injection (CWE ID 78) (1 flaw) Java code

The flaw is at Runtime.getRuntime().exec(cmd, env) method. We have validated the input using OWASP ESAPI. But Veracode still reports OS command injection flaw. Old Code: public Process exec(String[] cmd, String[] env) throws IOException { return…

krisp