OS command injection is a critical vulnerability that can lead to a full system compromise, because it may allow an adversary to pass arbitrary commands or arguments to the operating system for execution.
```csharp
using System.Diagnostics;

public void OsCommandInjectionNoncompliant(string path)
{
    // Noncompliant: the user-supplied parameter is passed directly to `Process.Start()`,
    // so the caller controls which program runs.
    Process.Start(path);
}
```
```csharp
using System.Diagnostics;

public void OsCommandInjectionCompliant(string path)
{
    // Compliant: a constant string literal, not the user-supplied parameter, is passed to `Process.Start()`.
    Process.Start("path");
}
```
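The compliant example above avoids the sink by launching a fixed program. When the program or its arguments genuinely depend on user input, the usual hardening is an allowlist plus `ProcessStartInfo` with `UseShellExecute = false` and `ArgumentList`, so no shell ever parses the input. The following is an added example (not code from the original rule page); the tool names, executable paths and the `SafeProcessLauncher` class are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;

// Added example: hardened launching of a user-selected tool.
public static class SafeProcessLauncher
{
    // Allowlist mapping a caller-facing name to a fixed executable path.
    // Constructed values for this example; real entries depend on the application.
    private static readonly Dictionary<string, string> AllowedTools =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["ping"] = "/usr/bin/ping",
            ["traceroute"] = "/usr/bin/traceroute",
        };

    // Resolves a user-supplied name against the allowlist instead of passing it
    // to Process.Start(). Unknown names are rejected rather than executed.
    public static bool TryResolveTool(string requested, out string executable)
    {
        executable = null;
        if (string.IsNullOrWhiteSpace(requested)) return false;
        return AllowedTools.TryGetValue(requested.Trim(), out executable);
    }

    // Launches the allowlisted executable. Arguments go through ArgumentList as
    // separate values, so shell metacharacters in them are never interpreted,
    // and leading '-' is refused to block injection of extra options.
    public static Process Launch(string requested, IEnumerable<string> args)
    {
        if (!TryResolveTool(requested, out var executable))
            throw new ArgumentException($"Tool '{requested}' is not allowlisted.");

        var psi = new ProcessStartInfo
        {
            FileName = executable,
            UseShellExecute = false,        // never route through cmd.exe or /bin/sh
            RedirectStandardOutput = true,
            RedirectStandardError = true,
        };
        foreach (var arg in args)
        {
            if (arg.StartsWith("-"))
                throw new ArgumentException("Option-style arguments are not permitted.");
            psi.ArgumentList.Add(arg);
        }
        return Process.Start(psi);
    }
}
```

`ProcessStartInfo.ArgumentList` requires .NET Core 2.1 or later; on .NET Framework the single `Arguments` string must be quoted by hand, which is exactly where injection mistakes tend to happen.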