gitlab.gosec.G204-1


Audit use of command execution


Definition

# Semgrep rule mirroring gosec G204: reports process-execution calls whose
# executable argument is not a string literal, so the origin of that value
# can be audited by a reviewer.
rules:
  - id: gosec.G204-1
    patterns:
      # Each branch matches a call with a metavariable in the executable
      # position, then excludes the same call when that position is a literal.
      - pattern-either:
          - patterns:
              - pattern: exec.CommandContext($CTX, $EXE, ...)
              - pattern-not: exec.CommandContext($CTX, "...", ...)
          - patterns:
              - pattern: exec.Command($EXE, ...)
              - pattern-not: exec.Command("...", ...)
          - patterns:
              - pattern: syscall.ForkExec($EXE, ...)
              - pattern-not: syscall.ForkExec("...", ...)
          - patterns:
              - pattern: syscall.StartProcess($EXE, ...)
              - pattern-not: syscall.StartProcess("...", ...)
    # NOTE(review): only the executable argument is inspected. A call with a
    # literal binary but variable arguments, e.g. exec.Command("sh", "-c", $ARG),
    # is excluded by the pattern-not clauses and is not reported — treat this
    # rule as an audit aid rather than full command-injection coverage.
    # "|" keeps the trailing newline in the message text.
    message: |
      Audit use of command execution
    metadata:
      # NOTE(review): CWE-95 describes eval injection of code; process
      # execution is usually classified as CWE-78 (OS Command Injection),
      # which is also the CWE gosec associates with G204 — confirm which
      # mapping is intended before relying on this field for triage.
      cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
        Code ('Eval Injection')"
      owasp: "A1: Injection"
      primary_identifier: gosec.G204-1
      # Cross-reference back to the upstream gosec rule this one reproduces.
      secondary_identifiers:
        - name: Gosec Rule ID G204
          type: gosec_rule_id
          value: G204
      license: MIT
    # WARNING (not ERROR): a match is a prompt for review, not a confirmed bug.
    severity: WARNING
    languages:
      - go