CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
      • Curl
        • Security
      • Lang
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Curl

Security

curl-pipe-bash

Data is being piped into bash from a curl command. An attacker with control of the server in the curl command could inject malicious code into the pipe, resulting in a system compromise. Avoid piping untrusted data into bash or any other shell if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection

curl-eval

Data is being eval’d from a curl command. An attacker with control of the server in the curl command could inject malicious code into the eval, resulting in a system comrpomise. Avoid eval’ing untrusted data if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
SystemBest practice
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.