Test SAST PR Scan [skip ci] #3
Conversation
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
There was a problem hiding this comment.
Unsafe Subprocess Command Execution (CWE-78)
More Details
This rule detects instances where user-controlled data is passed to the subprocess module in Python, which could lead to command injection vulnerabilities. Command injection allows an attacker to execute arbitrary system commands on the server, potentially leading to data theft, system compromise, or other malicious actions.
When user input is passed unsanitized to subprocess functions like subprocess.run(), subprocess.call(), or subprocess.Popen(), an attacker could craft input that causes the application to execute unintended system commands. This presents a significant security risk, as the attacker can potentially gain full control over the system.
To avoid this vulnerability, user input should be properly sanitized and validated before being passed to subprocess functions. Alternatively, consider using safer methods that do not involve executing external commands, or implement strict input validation and whitelisting mechanisms.
| Attribute | Value |
|---|---|
| Impact |  |
| Likelihood |  |
Rule ID: WS-I013-PYTHON-00193
There was a problem hiding this comment.
Unsafe Subprocess Command Execution (CWE-78)
More Details
This rule detects instances where user-controlled data is passed to the subprocess module in Python, which could lead to command injection vulnerabilities. Command injection allows an attacker to execute arbitrary system commands on the server, potentially leading to data theft, system compromise, or other malicious actions.
When user input is passed unsanitized to subprocess functions like subprocess.run(), subprocess.call(), or subprocess.Popen(), an attacker could craft input that causes the application to execute unintended system commands. This presents a significant security risk, as the attacker can potentially gain full control over the system.
To avoid this vulnerability, user input should be properly sanitized and validated before being passed to subprocess functions. Alternatively, consider using safer methods that do not involve executing external commands, or implement strict input validation and whitelisting mechanisms.
| Attribute | Value |
|---|---|
| Impact | |
| Likelihood | |
Rule ID: WS-I013-PYTHON-00193
There was a problem hiding this comment.
Unsafe Subprocess Command Execution (CWE-78)
More Details
This rule detects instances where user-controlled data is passed to the subprocess module in Python, which could lead to command injection vulnerabilities. Command injection allows an attacker to execute arbitrary system commands on the server, potentially leading to data theft, system compromise, or other malicious actions.
When user input is passed unsanitized to subprocess functions like subprocess.run(), subprocess.call(), or subprocess.Popen(), an attacker could craft input that causes the application to execute unintended system commands. This presents a significant security risk, as the attacker can potentially gain full control over the system.
To avoid this vulnerability, user input should be properly sanitized and validated before being passed to subprocess functions. Alternatively, consider using safer methods that do not involve executing external commands, or implement strict input validation and whitelisting mechanisms.
| Attribute | Value |
|---|---|
| Impact | |
| Likelihood | |
Rule ID: WS-I013-PYTHON-00193
No description provided.