go-command-injection

Vasilii Ermilov

Author

unknown

Download Count*

LGPL Commons Clause

License

Secure defaults for Command injection prevention

Run Locally

Rules (5)

go.otto.security.audit.dangerous-execution.dangerous-execution

semgrep

Detected non-static script inside otto VM. Audit the input to 'VM.Run'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.

go.lang.security.audit.dangerous-exec-cmd.dangerous-exec-cmd

semgrep

Detected non-static command inside exec.Cmd. Audit the input to 'exec.Cmd'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.

go.lang.security.audit.dangerous-exec-command.dangerous-exec-command

semgrep

Detected non-static command inside Command. Audit the input to 'exec.Command'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.

go.lang.security.audit.dangerous-syscall-exec.dangerous-syscall-exec

semgrep

Detected non-static command inside Exec. Audit the input to 'syscall.Exec'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.

go.lang.security.audit.dangerous-command-write.dangerous-command-write

semgrep

Detected non-static command inside Write. Audit the input to '$CW.Write'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.