CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
        • Curl
          • Security
        • Lang
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Curl

    Security

    Data is being piped into bash from a curl command. An attacker with control of the server in the curl command could inject malicious code into the pipe, resulting in a system compromise. Avoid piping untrusted data into bash or any other shell if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    Data is being eval’d from a curl command. An attacker with control of the server in the curl command could inject malicious code into the eval, resulting in a system comrpomise. Avoid eval’ing untrusted data if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    SystemBest practice
    twitterlinkedin
    Powered by Mintlify