---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

# OS Command Injection

## Description

The target application server executes arbitrary OS commands built from
user-supplied input. OS Command Injection is a critical vulnerability: the
attacker runs with the privileges of the application process and can typically
escalate to a full system compromise.

## Remediation

User input should never be used in constructing commands or command arguments
to functions which execute OS commands. This includes filenames supplied by
user uploads or downloads.

Ensure your application does not:

- Use user-supplied information in the process name to execute.
- Use user-supplied information in an OS command execution function which does
  not escape shell meta-characters.
- Use user-supplied information in arguments to OS commands.

The application should pass a hardcoded set of arguments to any OS command it
runs, and invoke the program directly with that fixed argument vector rather
than through a shell; escaping shell meta-characters is not a substitute. If
file names must be passed to these functions, use a hash of the file name or
some other application-generated unique identifier instead of the name the user
supplied. It is strongly recommended that a native library implementing the
same functionality be used instead of an OS command, both to remove the shell
from the picture and because of the risk of unknown attacks against third party
commands.
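The following is an added example, not code from GitLab or from the DAST check itself. It contrasts the three patterns above in Python: a command string run through the shell, an argument vector run without a shell but still unvalidated, and an argument vector run without a shell after allowlist validation, plus the recommended hash-derived file name. `echo` stands in for whatever program the application would really run; the allowlist pattern, the extension set and the function names are assumptions made for the illustration.

```python
import hashlib
import re
import subprocess

# Allowlist for a value that has to reach a command line: letters, digits,
# '.', '_' and '-', bounded length, and it may not begin with '-', so the
# invoked program can never interpret it as an option. (Illustrative policy;
# tighten it to what the real command actually needs.)
SAFE_ARG = re.compile(r"^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,63}$")


def is_accepted(value: str) -> bool:
    """True when `value` passes the allowlist."""
    return SAFE_ARG.fullmatch(value) is not None


def run_vulnerable(name: str) -> str:
    """Command string + shell=True: '; | && $( )' in `name` are honoured
    by the shell, so a second command can be chained onto the first."""
    result = subprocess.run(f"echo hello {name}", shell=True,
                            capture_output=True, text=True, check=False)
    return result.stdout


def run_argv_only(name: str) -> str:
    """Argument vector, no shell, but the value is still unvalidated.
    Command chaining is impossible here, yet a value such as '-n' is
    parsed by the program as an option (argument injection)."""
    result = subprocess.run(["echo", name],
                            capture_output=True, text=True, check=False)
    return result.stdout


def run_hardened(name: str) -> str:
    """Argument vector, no shell, fixed arguments, and the single
    user-derived value is validated against the allowlist first."""
    if not is_accepted(name):
        raise ValueError("rejected unsafe argument")
    result = subprocess.run(["echo", "hello", name],
                            capture_output=True, text=True, check=True)
    return result.stdout


# File types the application is willing to store; anything else is refused.
ALLOWED_EXTENSIONS = {"png", "jpg", "pdf"}


def storage_name_for(user_filename: str) -> str:
    """Never put a user-chosen file name on a command line: store the file
    under a name derived from a hash of it, keeping only an allowlisted
    extension, and use that opaque name for any later processing."""
    ext = user_filename.rsplit(".", 1)[-1].lower() if "." in user_filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("unsupported file type")
    digest = hashlib.sha256(user_filename.encode("utf-8")).hexdigest()
    return f"{digest}.{ext}"


if __name__ == "__main__":
    # Constructed attacker input: chains a second command after the first.
    payload = "world; echo INJECTED"
    print("shell=True   :", repr(run_vulnerable(payload)))   # second command ran
    print("argv only    :", repr(run_argv_only(payload)))    # printed literally
    print("argv only -n :", repr(run_argv_only("-n")))       # parsed as an option
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened     : rejected,", exc)
    print("stored as    :", storage_name_for("../../etc/passwd;id.png"))
```

The middle case is the one practitioners most often miss: dropping the shell stops command chaining, but a program that accepts options will still treat a leading `-` as one, so the fixed argument vector and the allowlist are both needed. Where a native library exists for the task (for example `shutil.copyfile` instead of `cp`), prefer it and the question of command-line escaping disappears entirely.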

## Details

| ID | Aggregated | CWE | Type | Risk |
|:---|:--------|:--------|:--------|:--------|
| 78.1 | false | 78 | Active | high |

## Links

- [OWASP](https://owasp.org/www-community/attacks/Command_Injection)
- [CWE](https://cwe.mitre.org/data/definitions/78.html)