OS Command Injection
Description
The highlighted API executes a system command. If unvalidated, attacker-controlled input reaches this API, whether as the command itself or as part of a string handed to a shell, it can lead to arbitrary command execution on the host running the application.
Examples
Insecure Code

```scala
// `param` is attacker-controlled input passed straight to the command API
val rt = Runtime.getRuntime
rt.exec(param)
```

Secure Code

```scala
// The command is a fixed literal; no untrusted input reaches the API
val rt = Runtime.getRuntime
rt.exec("valid_command")
```

Remediation
Validate and sanitize all input before it reaches a system command, preferably against a strict allowlist of expected values, so that injected commands or arguments are rejected.
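The following Scala snippet is an added example, not code from the rule page or the tool it documents. It shows one way to apply the remediation: the executable and its fixed flags come from an allowlist keyed by a short command name, the single user-controlled argument is checked against a strict hostname pattern, and the arguments are handed to `ProcessBuilder` as a list so no shell ever interprets them. The object name `SafeExec`, the command map and the hostname pattern are assumptions for the example; the code targets Scala 2.13 or later for `scala.jdk.CollectionConverters`.

```scala
import java.lang.ProcessBuilder
import scala.io.Source
import scala.jdk.CollectionConverters._

// Hypothetical hardened wrapper (added example, not part of the rule text).
object SafeExec {
  // Allowlist: user input selects one of these keys, never the program itself.
  // Each entry is the executable plus fixed flags; nothing here is user-controlled.
  private val allowedCommands: Map[String, Seq[String]] = Map(
    "ping" -> Seq("/bin/ping", "-c", "1"),
    "dig"  -> Seq("/usr/bin/dig", "+short")
  )

  // Strict pattern for the one user-controlled argument (a DNS hostname).
  // Requiring a leading alphanumeric also prevents an argument that starts with
  // '-' from being parsed as an option by the target program.
  private val HostPattern =
    "^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$".r

  def validateHost(host: String): Either[String, String] =
    if (host.length > 253) Left("hostname too long")
    else if (HostPattern.pattern.matcher(host).matches()) Right(host)
    else Left(s"rejected hostname: $host")

  // Returns Left(reason) when the request is rejected, Right(output) otherwise.
  def run(command: String, host: String): Either[String, String] =
    for {
      argv <- allowedCommands.get(command).toRight(s"command not allowed: $command")
      h    <- validateHost(host)
    } yield {
      // Arguments are passed as a list, so shell metacharacters such as ';', '|'
      // or '$(...)' in `h` have no special meaning; they reach the program as text.
      val pb = new ProcessBuilder((argv :+ h).asJava).redirectErrorStream(true)
      val proc = pb.start()
      val out = Source.fromInputStream(proc.getInputStream).mkString
      proc.waitFor()
      out
    }
}

object Demo extends App {
  // Constructed inputs: a benign hostname and a classic injection attempt.
  println(SafeExec.validateHost("example.com"))     // Right(example.com)
  println(SafeExec.validateHost("example.com; id")) // Left(rejected hostname: ...)
  println(SafeExec.run("ls", "example.com"))        // Left(command not allowed: ls)
}
```

Two design points matter more than the regex itself: the user never chooses the executable (the allowlist does), and the arguments never pass through `/bin/sh -c` or a single concatenated command string, so the remaining risk is limited to what the fixed program does with one validated argument. A detection rule like this one will still flag the `ProcessBuilder` call; the reviewer's job is to confirm both properties hold before marking it a false positive.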
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0042 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-78 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | os command injection, command injection |
| OWASP | N/A |