Injection: Command Injection

Identifier: command

Scanner(s) Support

- GraphQL Scanner
- REST Scanner
- WebApp Scanner

Description

Command injection happens when a program lets user input influence the system commands it runs without proper checks, so an attacker can smuggle in and run any command they want. This is really dangerous because it gives an attacker full control over parts of your system: imagine someone being able to delete files or steal data by exploiting a weak point in your app. It often occurs because developers assume user input is safe and don't properly filter or validate what's coming in. The impact can be severe, affecting data confidentiality and system integrity, and potentially turning your server into a launching pad for further attacks.
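To make the mechanism concrete, here is an added Python example (not code from the scanner or from this page): a constructed host-lookup feature written first the vulnerable way, by pasting the user-supplied host into a shell command line, and then the hardened way, with an allowlist check and an argument vector so that no shell ever parses the input. The `nslookup` command line, the function names and the hostname pattern are assumptions made for this illustration; the vulnerable string is only built, never executed.

```python
"""Command injection, vulnerable vs. hardened (added example, not scanner code).

Scenario (constructed): an endpoint takes a hostname from the request and
resolves it with nslookup. Function names and the hostname regex are
assumptions made for this illustration.
"""
import re
import subprocess

# Allowlist for what a hostname may look like: labels of letters, digits and
# hyphens, separated by dots. Anything else (spaces, ';', '|', '$', backticks,
# newlines) is rejected before it gets anywhere near a command.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_vulnerable_command(host: str) -> str:
    """The weak pattern: the untrusted value is concatenated into one string
    that would later be handed to a shell (subprocess.run(cmd, shell=True),
    os.system, ...). The shell parses the whole string, so metacharacters in
    `host` change what gets executed. Only the string is built here."""
    return "nslookup " + host


def is_safe_hostname(host: str) -> bool:
    """True if the value matches the hostname allowlist."""
    return HOSTNAME_RE.fullmatch(host) is not None


def validate_hostname(host: str) -> str:
    """Reject anything that is not a plain hostname."""
    if not is_safe_hostname(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def build_hardened_argv(host: str) -> list[str]:
    """The hardened pattern: validate against the allowlist, then build an
    argument vector. Each element reaches the program as-is; no shell is
    involved, so there is nothing to parse into extra commands. The '--'
    keeps a value starting with '-' from being read as an option."""
    return ["nslookup", "--", validate_hostname(host)]


def run_argv(argv: list[str]) -> str:
    """Execute an argv list without a shell and return its stdout."""
    result = subprocess.run(argv, shell=False, capture_output=True,
                            text=True, check=True)
    return result.stdout


def echo_as_single_argument(value: str) -> str:
    """Shows why argv lists are safe: the value reaches `echo` as one literal
    argument, so a ';' inside it is printed back instead of acting as a
    command separator. echo is used so the demo runs offline."""
    return run_argv(["echo", value]).rstrip("\n")


if __name__ == "__main__":
    tainted = "example.com; echo injected"   # constructed sample input
    print("vulnerable string:", build_vulnerable_command(tainted))
    print("argv list keeps it literal:", echo_as_single_argument(tainted))
    try:
        build_hardened_argv(tainted)
    except ValueError as exc:
        print("hardened path:", exc)
    print("hardened argv for a clean value:", build_hardened_argv("example.com"))
```

The two defences are independent: the allowlist stops bad values at the boundary, and the argv list means that even a value which slipped past validation is handed to the program as a single argument rather than parsed by a shell. Scanner findings for this test point at code paths that rely on neither.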

References:

Configuration

Example

Example configuration:

---
security_tests:
  command:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]*

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.