Avoid command injection

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: javascript-node-security/command-injection

Language: JavaScript

Severity: Warning

Category: Security

CWE: 78

Description

When executing a command, never use unchecked variables. Make sure that each variable in the command has been checked.

Non-Compliant Code Examples

childprocess.exec(`mv ${src} ${dst}`, (error, stdout, stderr) => {});
childprocess.exec('mv ' + src + " " + dst, (error, stdout, stderr) => {});

Compliant Code Examples

childprocess.exec('mv /tmp/src /tmp/dst', (error, stdout, stderr) => {});
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Security

Datadog Code Security
PREVIEWING: ida.adjivon/rtrieu/DOCS-10715-ET-standalone