
Metadata

ID: bash-security/sudo-does-not-affect-redirection

Language: Bash

Severity: Warning

Category: Security

CWE: 269

Description

Redirections are set up by the current shell before sudo runs, so the target file is opened with the invoking user's privileges, not root's. This can cause permission errors.

To write to a privileged file: cmd | sudo tee file > /dev/null

To append to a privileged file: cmd | sudo tee -a file > /dev/null

To read from a privileged file: sudo cat file | cmd

If you intentionally want to redirect as the current user while running the command as root, this message can be ignored.

Non-Compliant Code Examples

#!/bin/bash
sudo echo 3 > /proc/sys/vm/drop_caches
sudo echo 'export FOO=bar' >> /etc/profile
sudo wc -l < /etc/shadow
/usr/bin/sudo echo 3 > /proc/sys/vm/drop_caches
{ sudo echo 'export FOO=bar'; } >> /etc/profile
(sudo wc -l) < /etc/shadow

Compliant Code Examples

#!/bin/bash
echo 3 | sudo tee /proc/sys/vm/drop_caches > /dev/null
echo 'export FOO=bar' | sudo tee -a /etc/profile > /dev/null
sudo cat /etc/shadow | wc -l
sudo chmod 755 /etc/myfile
echo "data" > /tmp/file
sudo systemctl restart nginx 2>/dev/null
sudo cmd > /dev/null
{ sudo cmd; } > /dev/null
(echo 3 | sudo tee /proc/sys/vm/drop_caches) > /dev/null
sudo cmd >&2
{ sudo cmd; } 2>&1 | tee -a "$HOME/dir/file.log"
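
The scanner below is an added example, not Datadog's rule implementation: a line-based heuristic in POSIX sh that flags a sudo command whose redirect target would be opened by the calling shell, and ignores /dev/null targets and file-descriptor duplications as the compliant examples above do. The names flags_line, scan_script and SAMPLE are made up for this example, and the sample lines are constructed from the examples on this page.

```shell
#!/bin/sh
# Added example: a line-based heuristic, not Datadog's rule implementation.
# It does not parse shell grammar, heredocs, or multi-line commands.

# sudo as a command word: at segment start or after ; & ( {, optional path.
SUDO_WORD='(^|[;&({])[[:space:]]*([^[:space:];|&(){}]*/)?sudo[[:space:]]'

# flags_line LINE: exit 0 if a sudo command carries a redirect that the
# calling shell (not root) would open, exit 1 otherwise. Redirects to
# /dev/null and fd duplications (2>&1, >&2) are stripped before the check.
flags_line() {
  printf '%s\n' "$1" |
    sed -e "s/'[^']*'//g" -e 's/"[^"]*"//g' |  # drop quoted strings
    tr '|' '\n' |                               # one pipeline segment per line
    grep -E "$SUDO_WORD" |                      # keep segments that run sudo
    sed -E -e 's#[0-9]*[<>]&[0-9-]+##g' \
           -e 's#[0-9&]*>>?[[:space:]]*/dev/null##g' |
    grep -q '[<>]'                              # a remaining redirect is a finding
}

# scan_script: read a script on stdin, print "N: line" for each finding.
scan_script() {
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    if flags_line "$line"; then
      printf '%s: %s\n' "$n" "$line"
    fi
  done
}

# Constructed sample input, assembled from the examples on this page.
SAMPLE=$(cat <<'EOF'
sudo echo 3 > /proc/sys/vm/drop_caches
echo 3 | sudo tee /proc/sys/vm/drop_caches > /dev/null
{ sudo echo 'export FOO=bar'; } >> /etc/profile
sudo systemctl restart nginx 2>/dev/null
(sudo wc -l) < /etc/shadow
{ sudo cmd; } 2>&1 | tee -a "$HOME/dir/file.log"
/usr/bin/sudo echo 3 > /proc/sys/vm/drop_caches
EOF
)

printf '%s\n' "$SAMPLE" | scan_script   # prints lines 1, 3, 5 and 7
```

Because it works on single lines without parsing the shell grammar, a redirect that belongs to a different command on the same line can be reported as a finding.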