JavaScript Command Injection Vulnerability


I have the code below in my JS file; Checkmarx flagged a command injection vulnerability at execSync('scripts/beautify_yaml.sh '+ yamlPath).toString();

const { execSync } = require('child_process');

// Original (flagged) version: the user-controlled yamlPath is concatenated into a
// string that execSync hands to a shell, so shell metacharacters in yamlPath are interpreted.
function beautifyYaml(yamlPath) {
    return execSync('scripts/beautify_yaml.sh '+ yamlPath).toString();
}

I added a validation check before the execSync call, but Checkmarx still flags the same command injection issue at the execSync call. Is there another way to resolve the command injection issue at the line execSync('scripts/beautify_yaml.sh '+ yamlPath).toString(); ?

Validation check:

const { execSync } = require('child_process');

function beautifyYaml(yamlPath) {
    // Allow-list of characters for the path: letters, digits, '-', '_', '.', '/'.
    // Written as a regex literal; equivalent to the original new RegExp("^[a-zA-Z0-9\-_.\/]+$").
    // Note that it still permits '..' segments, so directory traversal is not blocked by this check.
    const reg = /^[a-zA-Z0-9_.\/-]+$/;
    if (!reg.test(yamlPath)) {
        throw new Error('Invalid YAML file path.');
    }
    // Still a shell command built by string concatenation, which is what the scanner reports.
    return execSync('scripts/beautify_yaml.sh '+ yamlPath).toString();
}

There are 0 answers