Use find -print0 with xargs -0 for safe path boundaries


Metadata

ID: bash-security/use-print0-with-xargs

Language: Bash

Severity: Warning

Category: Security

CWE: 88

Description

By default xargs splits its input on whitespace and interprets quotes and backslashes, so a path containing spaces, quotes, or newlines is mangled or broken into several wrong arguments (CWE-88). When find output is piped into xargs, terminate paths with find -print0 and read them with xargs -0 (or xargs --null), or avoid the pipe entirely with find -exec ... +.

Non-Compliant Code Examples

#!/bin/bash
find . -type f | xargs md5sum
find . -print0 | xargs cat
find . -type f | xargs -0 cat
find . | /bin/xargs rm
find . -type f | grep '\.log$' | xargs rm

Compliant Code Examples

#!/bin/bash
find . -type f -print0 | xargs -0 md5sum
find . -name '*.txt' -print0 | xargs --null cat
/usr/bin/find . -print0 | /usr/bin/xargs -0 echo
find . -type f -exec md5sum {} +
find . -type f | head
find . -type f -name build.log -print0 | xargs -0 ls -tr | tail -n1 | xargs cat
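The following script is an added demonstration, not part of the Datadog rule: it builds a constructed fixture of filenames containing a space and a newline, then counts how many arguments actually reach the command behind xargs for the non-compliant pipe, the -print0/-0 pipe, and the -exec ... + form.

```shell
#!/bin/bash
# Added demonstration for the rule above (not part of the Datadog rule page).
# Every helper prints the number of arguments the final command received.

# Constructed fixture: three files, one with a space and one with a newline
# in its name. mktemp returns a path without whitespace, so only the file
# names themselves are affected by xargs splitting.
make_fixture() {
    dir=$(mktemp -d)
    : > "$dir/plain.txt"
    : > "$dir/a b.txt"
    : > "$dir/c
d.txt"
    printf '%s\n' "$dir"
}

# Non-compliant: find prints one path per line and xargs splits on any
# whitespace, so "a b.txt" arrives as two arguments and "c<newline>d.txt"
# as two more. (A name containing a lone ' or " would abort xargs with an
# "unmatched quote" error instead of merely splitting.)
count_args_unsafe() {
    find "$1" -type f | xargs sh -c 'printf "%s\n" "$#"' sh
}

# Compliant: NUL-terminated paths in, NUL-delimited reading out, so each
# name stays a single argument regardless of the characters it contains.
count_args_safe() {
    find "$1" -type f -print0 | xargs -0 sh -c 'printf "%s\n" "$#"' sh
}

# Equally compliant without a pipe: find batches the paths itself.
count_args_exec() {
    find "$1" -type f -exec sh -c 'printf "%s\n" "$#"' sh {} +
}

main() {
    fixture=$(make_fixture)
    echo "unsafe pipe : $(count_args_unsafe "$fixture") arguments"   # 5
    echo "print0 / -0 : $(count_args_safe "$fixture") arguments"     # 3
    echo "-exec ... + : $(count_args_exec "$fixture") arguments"     # 3
    rm -rf "$fixture"
}

main
```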