- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: go-security/command-injection
Language: Go
Severity: Warning
Category: Security
CWE: 78
In Go, the exec.Command
function is used to run external commands. Using this function carelessly can lead to command injection vulnerabilities.
Command injection occurs when untrusted input is passed directly to a system shell, allowing an attacker to execute arbitrary commands. This can result in unauthorized access to the system, data leaks, or other security breaches.
To prevent command injection vulnerabilities when using exec.Command
in Go, follow these coding best practices:
exec.Command
. Avoid executing commands constructed using user-provided data.exec.Command
. This prevents the shell from interpreting special characters in a potentially malicious way.arg ...string
parameter of exec.Command
to pass arguments safely.By following these practices, you can reduce the risk of command injection vulnerabilities when using exec.Command
in Go and enhance the security of your application.
import (
"context"
"os"
"os/exec"
)
func main() {
directory := os.Args[1]
ctx := context.Background()
cmd := exec.CommandContext(ctx, "/bin/ls", directory)
output, err := cmd.CombinedOutput()
}
import (
"os"
"os/exec"
)
func main() {
directory1 := os.Args[1]
directory2 := os.Args[2]
cmd := exec.Command("/bin/ls", directory1, directory2)
output, err := cmd.CombinedOutput()
}
import (
"os/exec"
)
func main () {
res, err := exec.Command("/bin/ls", "something")
}
import (
"context"
"os/exec"
)
func main () {
ctx := context.Background()
res, err := exec.CommandContext(ctx, "/bin/ls")
}