Metadata

ID: bash-security/avoid-parsing-ps-output

Language: Bash

Severity: Warning

Category: Security

CWE: 88

Description

Text from ps depends on locale, column layout, and flags, so piping it into tools that match or reshape lines is easy to get wrong and can match unrelated fields (CWE-88). Prefer pgrep / pkill when you only need PIDs or simple patterns, or read /proc where appropriate. If you need fields ps provides, combine pgrep to select PIDs with a focused ps -p (or similar) instead of grepping full ps listings.
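
An added example, not part of the rule's own documentation, that shows the mismatch described above on a constructed ps listing next to the pgrep plus focused ps -p pattern. The sample listing, the helper names naive_match_count and proc_owners, and the process names are assumptions.

```shell
#!/bin/bash
# Constructed sample in `ps -ef` style (not captured from a real host).
SAMPLE_PS='UID        PID  PPID CMD
root       101     1 /usr/sbin/sshd -D
sshdmon    202     1 /usr/bin/python3 /opt/monitor.py
alice      303   300 vim /etc/ssh/sshd_config
alice      404   300 grep sshd'

# Non-compliant style: substring match over whole lines of a ps listing.
# Counts every line containing the pattern, whichever column it appears in.
naive_match_count() {
    printf '%s\n' "$SAMPLE_PS" | grep -c -- "$1"
}

# Compliant style: pgrep selects PIDs by exact process name, then a focused
# ps -p prints only the requested fields for exactly those PIDs.
# (proc_owners is a hypothetical helper name.)
proc_owners() {
    local name=$1 pids
    # -x: whole-name match; -d,: comma-separated list, which ps -p accepts;
    # --: a name starting with "-" cannot be read as an option.
    pids=$(pgrep -d, -x -- "$name") || return 1   # no match: report nothing
    ps -p "$pids" -o pid=,user=
}

# Only PID 101 is the daemon, yet the substring match reports 4 lines:
# the daemon, a user named sshdmon, an editor argument, and grep itself.
echo "naive matches for 'sshd': $(naive_match_count sshd)"
proc_owners sshd || echo "no process named exactly 'sshd' is running"
```

The explicit empty-result check matters because an empty PID list passed to ps -p is an error rather than an empty report.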

Non-Compliant Code Examples

#!/bin/bash
ps ax | grep foo
/bin/ps -ef | grep -v grep
ps aux | awk '{print $2}'
ps -eo pid,cmd | sed -n '1p'
ps | cut -d' ' -f1
ps | perl -ne 'print if /foo/'
ps |& grep bar

Compliant Code Examples

#!/bin/bash
ps
pgrep -f myservice
pkill -f oldworker
ps -p "$(pgrep -x sshd)" -o user=
psql -c 'select 1' | grep foo
ps -eo user,pid,%cpu,comm | awk -v usr="$user" '$1==usr'