このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: javascript-node-security/command-injection
Language: JavaScript
Severity: Warning
Category: Security
CWE: 78
Description
When executing a command, never use unchecked variables. Make sure that each variable in the command has been checked.
Non-Compliant Code Examples
childprocess.exec(`mv ${src} ${dst}`, (error, stdout, stderr) => {});
childprocess.exec('mv ' + src + " " + dst, (error, stdout, stderr) => {});
Compliant Code Examples
childprocess.exec('mv /tmp/src /tmp/dst', (error, stdout, stderr) => {});
Seamless integrations. Try Datadog Code Analysis