dont-call-system
Don’t call system(). It’s a high-level wrapper that allows for stacking multiple commands. Always prefer a more restrictive API such as calling execve() from the exec family.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
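The difference the rule describes, as an added example (not code from the rule or its authors): the same constructed value is passed once through system() and once as a single argv element to execve(). The function names and the input string are hypothetical, and the code assumes /bin/echo exists.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flagged pattern: the value becomes part of a string that /bin/sh parses. */
int echo_with_system(const char *name) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/bin/echo %s", name);
    return system(cmd);
}

/* Preferred pattern: no shell; the value is exactly one argv element.
 * Assumption: /bin/echo is present at this path. */
int echo_with_execve(const char *name) {
    char *const argv[] = { "echo", (char *)name, NULL };
    char *const envp[] = { NULL };          /* start from an empty environment */
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve("/bin/echo", argv, envp);
        _exit(127);                         /* reached only if execve failed */
    }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}

/* Run fn(arg) in a child whose stdout is a pipe; return the lines it printed. */
int count_output_lines(int (*fn)(const char *), const char *arg) {
    int fds[2], lines = 0; char c;
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        fn(arg);
        _exit(0);
    }
    close(fds[1]);
    while (read(fds[0], &c, 1) == 1) if (c == '\n') lines++;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return lines;
}

int main(void) {
    const char *name = "report.txt; echo STACKED";   /* constructed sample input */
    printf("system: %d line(s)\n", count_output_lines(echo_with_system, name));
    printf("execve: %d line(s)\n", count_output_lines(echo_with_execve, name));
}
```

With system() the shell splits the string at the `;` and runs two commands; with execve() the whole value reaches echo as one argument and is printed as a single line.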