Unsanitized dynamic input in OS command

Description

Using unsanitized dynamic or external input in an OS command is a critical security flaw that can enable attackers to execute unauthorized commands on the host operating system, potentially leading to a complete system takeover.

Remediations

  • Do not construct OS commands or command-line arguments from externally supplied information; splicing input into a shell string is a command injection vulnerability.
    cmd := exec.Command("bash", "-c", "echo " + externalInput) // unsafe: bash parses externalInput
  • Do validate all external input against a strict allow-list of characters or patterns before it reaches a command.
    if !regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(externalInput) {
        log.Fatal("Invalid input")
    }
  • Do use hardcoded arguments when invoking OS commands so that external input cannot alter what the command does.
    cmd := exec.Command("ls", "-l", "/var/log")
  • Do prefer native libraries or programming language features over invoking shell commands for enhanced security and efficiency.

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=go_gosec_injection_subproc_injection

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=go_gosec_injection_subproc_injection