---
title: Use find -print0 with xargs -0 for safe path boundaries
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST
  Rules > Use find -print0 with xargs -0 for safe path boundaries
---

# Use find -print0 with xargs -0 for safe path boundaries

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**ID:** `bash-security/use-print0-with-xargs`

**Language:** Bash

**Severity:** Warning

**Category:** Security

**CWE**: [88](https://cwe.mitre.org/data/definitions/88.html)

## Description{% #description %}

`xargs` splits input on whitespace by default, so paths with spaces, quotes, or newlines are mangled or split into wrong arguments (CWE-88). When `find` output is piped into `xargs`, use `find -print0` and `xargs -0` or `xargs --null`, or use `find -exec ... +` instead of a pipe.

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```bash
#!/bin/bash
find . -type f | xargs md5sum
find . -print0 | xargs cat
find . -type f | xargs -0 cat
find . | /bin/xargs rm
find . -type f | grep '\.log$' | xargs rm
```

## Compliant Code Examples{% #compliant-code-examples %}

```bash
#!/bin/bash
find . -type f -print0 | xargs -0 md5sum
find . -name '*.txt' -print0 | xargs --null cat
/usr/bin/find . -print0 | /usr/bin/xargs -0 echo
find . -type f -exec md5sum {} +
find . -type f | head
find . -type f -name build.log -print0 | xargs -0 ls -tr | tail -n1 | xargs cat
```
  Seamless integrations. Try Datadog Code SecurityDatadog Code Security 
{% icon name="icon-external-link" /%}