Security: Detect PowerShell/Ruby/Perl command execution

[ProduktEntdecker]

Bypass Description

Alternative interpreters can execute install commands:

pwsh -c "npm install malicious"
ruby -e "system('npm install evil')"
perl -e "exec('pip install malware')"

Difficulty: Medium

Need to add detection for pwsh, ruby -e, perl -e patterns.

Priority: Medium

---

Found in security audit 2024-01-06

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

---

🔗 Related PRs

#7 - fix(parser): prevent command chaining bypass vulnerability [closed]

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!