...
- command processor via a call to system() or a similar function (this is also addressed in recommendation ENV03-C. Sanitize the environment when invoking external programs)
- external programs
- relational databases
- third-party COTS components (for example, an enterprise resource planning subsystem)
...
Data sanitization requires an understanding of the data being passed and the capabilities of the subsystem. John Viega and Matt Messier provide an example of an application that inputs an email address into a buffer and then uses this string as an argument in a call to system() [Viega 2003]:
...
For more information on the system() call, see recommendations ENV03-C. Sanitize the environment when invoking external programs and ENV04-C. Do not call system() if you do not need a command processor.
...
The call to execl() is not susceptible to command injection because the shell command interpreter is not invoked. (See recommendation ENV04-C. Do not call system() if you do not need a command processor.)
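The two points above, a whitelist check on the address and an execl() call that passes the address as its own argv element so that no command interpreter ever parses it, as an added C example. This is not the Viega and Messier code nor the page's own compliant solution; the helper names, the length bound and the /usr/bin/mail path are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_ADDR_LEN 254  /* assumed upper bound for a mail address */

/* Whitelist validation (hypothetical helper): accept only characters a mail
 * address legitimately contains and reject everything else, including shell
 * metacharacters (';', '|', '`', '$', quotes, whitespace). Rejecting unknown
 * characters is safer than trying to escape them for a particular shell. */
bool is_safe_address(const char *addr) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@.-_+";
    size_t len = 0;
    if (addr == NULL) return false;
    for (; addr[len] != '\0'; len++) {
        if (len >= MAX_ADDR_LEN) return false;                 /* too long */
        if (strchr(allowed, addr[len]) == NULL) return false;  /* not allowed */
    }
    return len > 0;  /* empty addresses are rejected as well */
}

/* Hand the validated address to mail(1) through execl(): the address is a
 * separate argv element and no shell ever sees it, which is why execl() is
 * not susceptible to command injection. Returns the child's exit status, or
 * -1 if the address is rejected or the child cannot be spawned.
 * (Hypothetical helper; the /usr/bin/mail path is an assumption.) */
int send_report(const char *addr) {
    if (!is_safe_address(addr)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/usr/bin/mail", "mail", addr, (char *)NULL);
        _exit(127);  /* execl() returns only on failure */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```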
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: STR02-CPP. Sanitize data passed to complex subsystems
The CERT Oracle Secure Coding Standard for Java: IDS07-J. Prevent SQL Injection
Bibliography
[ISO/IEC 9899:1999] Section 7.20.4.6, "The system function"
[MITRE 2007] CWE ID 88, "Argument Injection or Modification" (http://cwe.mitre.org/data/definitions/88.html), and CWE ID 78, "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')" (http://cwe.mitre.org/data/definitions/78.html)
[Viega 2003]
...