Review code for process command injection vulnerabilities
Review code for process command injection vulnerabilities
Microsoft docsDescription
When working with untrusted input, be mindful of command injection attacks. A command injection attack can execute malicious commands on the underlying operating system, compromising the security and integrity of your server.
This rule attempts to find input from HTTP requests reaching a process command. This rule can't track data across assemblies. For example, if one assembly reads the HTTP request input and then passes it to another assembly that starts a process, this rule won't produce a warning. There is a configurable limit to how deep this rule will analyze data flow across method calls. See Analyzer Configuration for how to configure the limit in an EditorConfig file.
Cause
Potentially untrusted HTTP request input reaches a process command.
By default, this rule analyzes the entire codebase, but this is configurable.
How to fix violations
- If possible, avoid starting processes based on user input.
- Validate input against a known safe set of characters and length.
Example
using System;
using System.Diagnostics;
public partial class WebForm : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string input = Request.Form["in"];
Process p = Process.Start(input);
}
}When to suppress
If you know the input has been validated or escaped to be safe, it's safe to suppress this warning.