OS Command Injection (Severity: High)

OS command injection is a critical vulnerability that can lead to full system compromise: when user-controlled input reaches a process-launching API, an adversary may be able to choose arbitrary commands or arguments that the application then executes with its own privileges.

Detector ID
csharp/os-command-injection@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

using System.Diagnostics;

public void OsCommandInjectionNoncompliant(string path)
{
    // Noncompliant: the user-supplied parameter is passed straight to `Process.Start()`,
    // so the caller decides which executable runs.
    Process.Start(path);
}

Compliant example

using System.Diagnostics;

public void OsCommandInjectionCompliant(string path)
{
    // Compliant: a hard-coded string literal, not the user-supplied parameter, is passed to `Process.Start()`.
    Process.Start("path");
}
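The compliant example above avoids the problem by never letting user input reach `Process.Start()`. Real applications usually do need some user input in the launched command (a hostname to ping, a file to convert), so the following added example, which is not part of the detector page or of CodeGuru's own code, shows the pattern a reviewer would look for in that case: the executable is chosen from a fixed allowlist keyed by a short name, the user-controlled value is validated against a strict pattern, and it is passed through `ProcessStartInfo.ArgumentList` with `UseShellExecute = false` so it becomes a single argv entry rather than text parsed by a shell. The tool names, paths and inputs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text.RegularExpressions;

public static class SafeProcessLauncher
{
    // Allowlist of launchable tools: the caller picks a key, never an executable path.
    // Paths and fixed arguments are hypothetical values constructed for this example.
    private static readonly Dictionary<string, (string Exe, string[] FixedArgs)> AllowedTools = new()
    {
        ["ping"] = ("/usr/bin/ping", new[] { "-c", "1" }),
        ["resolve"] = ("/usr/bin/nslookup", Array.Empty<string>()),
    };

    // Only plain hostnames are accepted; spaces, ';', '|', '&', quotes and path
    // separators all fail this pattern and are rejected before any process is built.
    private static readonly Regex HostName =
        new(@"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$", RegexOptions.Compiled);

    // Builds a ProcessStartInfo without ever concatenating user input into a command line.
    public static ProcessStartInfo BuildStartInfo(string toolKey, string host)
    {
        if (!AllowedTools.TryGetValue(toolKey, out var tool))
            throw new ArgumentException($"Tool '{toolKey}' is not allowlisted.", nameof(toolKey));
        if (host is null || !HostName.IsMatch(host))
            throw new ArgumentException("Host must be a plain hostname.", nameof(host));

        var psi = new ProcessStartInfo
        {
            FileName = tool.Exe,          // fixed path from the allowlist, not from the caller
            UseShellExecute = false,      // do not route through cmd.exe / sh
            RedirectStandardOutput = true,
            RedirectStandardError = true,
        };

        // ArgumentList hands each element to the child as one argv entry; the runtime
        // quotes it as needed, so metacharacters in `host` cannot start a second command.
        foreach (var arg in tool.FixedArgs)
            psi.ArgumentList.Add(arg);
        psi.ArgumentList.Add(host);

        return psi;
    }

    // Runs the allowlisted tool and returns its standard output.
    public static string Run(string toolKey, string host)
    {
        using var process = Process.Start(BuildStartInfo(toolKey, host))
            ?? throw new InvalidOperationException("Process failed to start.");
        string output = process.StandardOutput.ReadToEnd();
        process.WaitForExit();
        return output;
    }

    public static void Main()
    {
        // Constructed inputs: a valid hostname builds a start info with the fixed executable.
        var ok = BuildStartInfo("ping", "example.com");
        Console.WriteLine($"{ok.FileName} {string.Join(" ", ok.ArgumentList)}");

        // Constructed inputs: an unknown tool key and a host carrying shell metacharacters
        // are both rejected before Process.Start() is ever reached.
        foreach (var (key, host) in new[] { ("sh", "example.com"), ("ping", "example.com; id") })
        {
            try { BuildStartInfo(key, host); }
            catch (ArgumentException e) { Console.WriteLine($"Rejected: {e.Message}"); }
        }
    }
}
```

The validation regex is deliberately narrower than what the tool would accept; rejecting anything outside the expected shape is the check that stops a crafted value from changing what runs, and `ArgumentList` (available on .NET Core 2.1 and later) is what keeps the value from being reinterpreted by a shell even if a metacharacter did slip through.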