A command invocation (os/exec) built from user-provided data without sufficient sanitization may run commands to exfiltrate data or compromise the system. It is recommended to either avoid using the user-provided data directly in command invocations or sanitize them before use.

Recommendations to avoid such attacks:
- Sanitize the user input before command construction
- Use hard-coded string literals to specify the commands to run
- Based on the user input, select trusted hard-coded commands
```go
import (
	"log"
	"net/http"
	"os/exec"
)

func executor(req *http.Request) {
	// cmdQ holds the value of the "cmd" key parsed from the raw query
	// string of the request (Get returns "" when the key is absent,
	// rather than panicking on an empty slice).
	cmdQ := req.URL.Query().Get("cmd")
	// An attacker could craft the URL so that cmdQ names any program
	// on the host, which could compromise the system.
	cmd := exec.Command(cmdQ)
	if err := cmd.Run(); err != nil {
		log.Printf("command failed: %v", err)
	}
}
```
The function extracts the name of a system command from the request parameter and then runs it without any scrutiny, which can cause a command injection vulnerability.
```go
import (
	"log"
	"net/http"
	"os/exec"
)

func executor(req *http.Request) {
	cmdQ := req.URL.Query().Get("cmd")
	// NOTE: there are other ways to make this function safer as well;
	// here the request value only selects among hard-coded commands and
	// is never executed verbatim.
	switch cmdQ {
	case "a":
		// Keep as it is: "a" is an allowed, hard-coded command name
	case "b":
		// Modify: map the request value onto a trusted program name
		cmdQ = "app2"
	default:
		// Anything not listed above (including unsafe input) is replaced:
		// executing "true" is harmless as it just returns true
		cmdQ = "true"
	}
	cmd := exec.Command(cmdQ)
	if err := cmd.Run(); err != nil {
		log.Printf("command failed: %v", err)
	}
}
```
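The two snippets above show the pattern with a single program name. The following is an added example, not code from the original page, that generalizes the third recommendation (select trusted hard-coded commands based on the input) to commands that also take one user-controlled argument: the request value is only ever a key into an allowlist table of fixed argv slices, the optional argument is checked against a strict pattern, and the program is started with os/exec without a shell so no metacharacters are interpreted. The action names, the `allowedCommands` table, the `hostnamePattern` regexp and the `resolveCommand` helper are assumptions made for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"os/exec"
	"regexp"
	"time"
)

// allowedCommands maps a short action name taken from the request to a
// hard-coded argv. The user never supplies the program name or its flags.
// (Hypothetical entries; a real application would list its own commands.)
var allowedCommands = map[string][]string{
	"uptime": {"uptime"},
	"disk":   {"df", "-h"},
	"lookup": {"getent", "hosts"}, // takes exactly one validated argument
}

// hostnamePattern is the allowlist for the single user-controlled argument:
// letters, digits, dots and hyphens only, so no shell metacharacters and no
// leading "-" that a program could read as an option.
var hostnamePattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$`)

var (
	errUnknownCommand = errors.New("unknown command")
	errBadArgument    = errors.New("argument rejected by allowlist")
)

// resolveCommand turns the untrusted action name and optional argument into
// an argv made only of hard-coded strings plus, for "lookup", one validated
// token. The raw request value is never returned as argv[0].
func resolveCommand(action, arg string) ([]string, error) {
	base, ok := allowedCommands[action]
	if !ok {
		return nil, errUnknownCommand
	}
	argv := append([]string(nil), base...) // copy so the table is never mutated
	if action == "lookup" {
		if !hostnamePattern.MatchString(arg) {
			return nil, errBadArgument
		}
		return append(argv, arg), nil
	}
	if arg != "" {
		return nil, errBadArgument // commands that take no argument reject any
	}
	return argv, nil
}

// executor is the hardened handler: unknown actions or rejected arguments
// yield a 400 before anything is executed.
func executor(w http.ResponseWriter, req *http.Request) {
	q := req.URL.Query()
	argv, err := resolveCommand(q.Get("cmd"), q.Get("arg"))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	ctx, cancel := context.WithTimeout(req.Context(), 5*time.Second)
	defer cancel()
	// exec.CommandContext runs the program directly (no shell), so even the
	// validated argument is passed as a single argv element, never parsed.
	out, err := exec.CommandContext(ctx, argv[0], argv[1:]...).CombinedOutput()
	if err != nil {
		http.Error(w, "command failed", http.StatusInternalServerError)
		return
	}
	w.Write(out)
}

func main() {
	// Constructed sample inputs: two allowed, one with a metacharacter
	// payload in the argument, one naming a program that is not listed.
	samples := [][2]string{{"disk", ""}, {"lookup", "example.com"}, {"lookup", "x; rm -rf /"}, {"id", ""}}
	for _, in := range samples {
		argv, err := resolveCommand(in[0], in[1])
		fmt.Printf("cmd=%q arg=%q -> argv=%q err=%v\n", in[0], in[1], argv, err)
	}
}
```

Because the program name always comes from the table and the argument is a single argv element, a value such as `x; rm -rf /` is rejected before exec is reached, and even a value that passed the pattern could not be re-parsed by a shell.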