2lambda123 / cisagov-Malcolm

Other
0 stars 0 forks source link

Fix code scanning alert - golang: os/exec: Code injection in Cmd.Start #60

Open 2lambda123 opened 2 months ago

2lambda123 commented 2 months ago

Tracking issue for:

git-greetings[bot] commented 2 months ago

Thanks @2lambda123 for opening this issue!

For COLLABORATOR only :

secure-code-warrior-for-github[bot] commented 2 months ago

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "Code injection"

What is this? (2min video)

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

Try a challenge in Secure Code Warrior

Helpful references
gitginie[bot] commented 2 months ago

@2lambda123! Thank you for your contribution to this repository! We appreciate your effort in opening issue. Happy coding!

git-greetings[bot] commented 2 months ago
Issues Details of @2lambda123 in cisagov-Malcolm : OPEN CLOSED TOTAL
30 0 30
codeautopilot[bot] commented 2 months ago

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link