Fix code scanning alert - golang: os/exec: Code injection in Cmd.Start

2lambda123 commented 2 weeks ago

Tracking issue for:

[ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/8

secure-code-warrior-for-github[bot] commented 2 weeks ago

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "Code injection"

What is this? (2min video)

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

Try a challenge in Secure Code Warrior

Helpful references

OWASP Command Injection - OWASP community page with comprehensive information about Code Injection, and links to various OWASP resources to help detect or prevent it.
SEI CERT Oracle Coding Standard for Java - Prevent Code Injection - Carnegie Mellon University Software Engineering Institute guidance on preventing code injection vulnerabilities in Java.

git-greetings[bot] commented 2 weeks ago

Thanks @2lambda123 for opening this issue!

For COLLABORATOR only :

To add labels, comment on the issue /label add label1,label2,label3
To remove labels, comment on the issue /label remove label1,label2,label3

gitginie[bot] commented 2 weeks ago

@2lambda123! Thank you for your contribution to this repository! We appreciate your effort in opening issue. Happy coding!

git-greetings[bot] commented 2 weeks ago

Issues Details of @2lambda123 in cisagov-Malcolm :	OPEN	CLOSED	TOTAL
30	0	30

codeautopilot[bot] commented 2 weeks ago

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link

2lambda123 / cisagov-Malcolm