mariana-bteixeira / python-mini-projects

A collection of simple python mini projects to enhance your python skills
https://python-world.github.io/python-mini-projects/#/
MIT License

CX Command_Injection @ projects/Image_watermark/watermark.py [master] #18

Open mariana-bteixeira opened 7 months ago

mariana-bteixeira commented 7 months ago

Command_Injection issue exists @ projects/Image_watermark/watermark.py in branch master

The application's input method calls an OS (shell) command with input, at line 31 of projects\Image_watermark\watermark.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 31 of projects\Image_watermark\watermark.py.
Similarity ID: -1846225891

The application's input method calls an OS (shell) command with input, at line 32 of projects\Image_watermark\watermark.py, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 32 of projects\Image_watermark\watermark.py.
Similarity ID: 1290031077

Severity: High

CWE:77

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 32 31


Code (Line #32):

watermark = input("Enter Watermark Path:")

Code (Line #31):

folder = input("Enter Folder Path:")

mariana-bteixeira commented 7 months ago

Issue still exists.