rust.lang.security.args-os.args-os

Author: unknown

args_os should not be used for security operations. From the docs: "The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes."

Definition

rules:
  - id: args-os
    message: 'args_os should not be used for security operations. From the docs:
      "The first element is traditionally the path of the executable, but it can
      be set to arbitrary text, and might not even exist. This means this
      property should not be relied upon for security purposes."'
    pattern: std::env::args_os()
    metadata:
      references:
        - https://doc.rust-lang.org/stable/std/env/fn.args_os.html
      technology:
        - rust
      category: security
      cwe: "CWE-807: Reliance on Untrusted Inputs in a Security Decision"
      confidence: HIGH
      likelihood: LOW
      impact: LOW
      subcategory: audit
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Other
    languages:
      - rust
    severity: INFO

Examples

args-os.rs

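use std::env;

fn main() {
    // ruleid: args-os
    let args = env::args_os();
    // Consume the iterator so the binding is used.
    println!("{} argument(s)", args.count());
}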
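
When triaging a finding from this rule, the question is whether a value from args_os() feeds a security decision. The sketch below is an added example, not part of the rule or its test file: it puts the CWE-807 anti-pattern beside a hardened form. The names `Mode`, `backup-admin`, `mode_from_argv0` and `mode_hardened` and the uid values are hypothetical, and `real_uid` is assumed to be obtained from the operating system by the caller.

```rust
use std::env;
use std::ffi::{OsStr, OsString};
use std::path::Path;

#[derive(Debug, PartialEq)]
enum Mode { Restricted, Admin }

/// Basename of argv[0], if there is one. The parent process chooses this
/// value freely, and argv may even be empty.
fn invoked_as(argv: &[OsString]) -> Option<&OsStr> {
    argv.first().and_then(|a| Path::new(a).file_name())
}

/// Anti-pattern (CWE-807): the privilege level follows the invocation name.
fn mode_from_argv0(argv: &[OsString]) -> Mode {
    if invoked_as(argv) == Some(OsStr::new("backup-admin")) {
        Mode::Admin
    } else {
        Mode::Restricted
    }
}

/// Hardened: argv[0] may still say which mode the caller is asking for, but
/// Admin is granted only when an OS-provided identity is on the allowlist.
/// `real_uid` is assumed to come from the OS (e.g. getuid), never from argv.
fn mode_hardened(argv: &[OsString], real_uid: u32, admin_uids: &[u32]) -> Mode {
    let wants_admin = invoked_as(argv) == Some(OsStr::new("backup-admin"));
    if wants_admin && admin_uids.contains(&real_uid) {
        Mode::Admin
    } else {
        Mode::Restricted
    }
}

fn main() {
    // args_os() itself is fine for collecting arguments; what matters is
    // what the values are used to decide.
    let argv: Vec<OsString> = env::args_os().collect();
    // Constructed sample values: uid 1000 is the caller, uid 0 the only admin.
    println!("argv[0]-based: {:?}", mode_from_argv0(&argv));
    println!("hardened:      {:?}", mode_hardened(&argv, 1000, &[0]));
}
```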