このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: typescript-node-security/command-injection

Language: TypeScript

Severity: Warning

Category: Security

CWE: 78

Description

When executing a command, never use unchecked variables. Make sure that each variable of the command has been checked.

Non-Compliant Code Examples

childprocess.exec(`mv ${src} ${dst}`, (error, stdout, stderr) => {});
childprocess.exec('mv ' + src + " " + dst, (error, stdout, stderr) => {});

Compliant Code Examples

childprocess.exec('mv /tmp/src /tmp/dst', (error, stdout, stderr) => {});
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis