When you execute shell commands with user-defined inputs in PHP, it leaves your application open to shell injection attacks. In these attacks, a malicious user can manipulate the input to execute arbitrary shell commands, which can lead to unauthorized access, data leakage, or even system compromise.
To ensure the safety of your application, it’s important to avoid using user-defined input directly in shell commands. Instead, use built-in PHP functions that can perform the required task without the need for executing shell commands. If there’s a need to use shell commands, make sure to sanitize and validate the user input thoroughly before using it.
Non-Compliant Code Examples
<?phpecho`ping -n 3 {$user_input}`;
Compliant Code Examples
<?phpecho`ping -n 3 domain.tld`;
원활한 통합. Datadog Code Security를 경험해 보세요
Datadog Code Security
이 규칙을 사용해 Datadog Code Security로 코드를 분석하세요
규칙 사용 방법
1
2
rulesets:- php-security # Rules to enforce PHP security.
리포지토리 루트에 위의 내용을 포함하는 static-analysis.datadog.yml을 만듭니다
무료 IDE 플러그인을 사용하거나 CI 파이프라인에 Code Security 검사를 추가합니다