detect-child-process.md

Pattern: Unsafe use of child_process

Issue: -

Description

Detects usages of child_process, especially child_process.exec() with a non-literal first argument. Passing a string constructed at runtime as the first argument to child_process.exec() is dangerous: child_process.exec(cmd) runs cmd as a shell command, which could allow an attacker to execute malicious code injected into cmd. Instead of child_process.exec(cmd), use child_process.spawn(cmd) or specify the command as a literal, e.g. child_process.exec('ls').

Further Reading