
Injection: Command Injection

Identifier: frontend_command_injection

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Command injection vulnerabilities occur when a frontend application passes user input into system commands without proper validation, potentially giving an attacker control over parts of the underlying system.

How we test: We inject command injection payloads into frontend request parameters and analyze responses to detect if system commands are executed. We test for various command injection techniques and check if user input is properly sanitized before being used in command execution.
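The two patterns the description contrasts (input interpolated into a shell command line versus input validated and passed as a separate argument) are shown below as an added illustration; this is not code from this page or from the scanner, and the `lookup_host` endpoint, the hostname allowlist and the sample inputs are assumptions constructed for the example.

```python
import re
import subprocess

# Constructed sample inputs (not from the page): a benign hostname and one that
# carries shell metacharacters, as a scanner payload for this test class might.
BENIGN_HOST = "example.com"
HOSTILE_HOST = "example.com; id"


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: user input is interpolated into a single string that
    would be handed to a shell (subprocess.run(..., shell=True)). Returned rather
    than executed so the effect of the input on the command line is visible."""
    return f"ping -c 1 {host}"


# Allowlist for what this hypothetical endpoint actually needs: hostname characters only.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def validate_host(host: str) -> str:
    """Reject anything outside the allowlist instead of trying to strip metacharacters."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return host


def build_command_safe(host: str) -> list[str]:
    """Hardened pattern: validate first, then build an argv list. With a list and
    shell=False no shell ever parses the value, so ';' or '|' inside it would be
    passed to the program as literal characters of one argument, never as operators."""
    return ["ping", "-c", "1", validate_host(host)]


def run_safe(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened form; shell=False is the default but stated explicitly."""
    return subprocess.run(build_command_safe(host), shell=False,
                          capture_output=True, check=False)


if __name__ == "__main__":
    print("unsafe command line for hostile input:", build_command_unsafe(HOSTILE_HOST))
    print("safe argv for benign input:", build_command_safe(BENIGN_HOST))
    try:
        build_command_safe(HOSTILE_HOST)
    except ValueError as exc:
        print("hardened endpoint:", exc)
```

Note that `build_command_unsafe(HOSTILE_HOST)` yields `ping -c 1 example.com; id`, where the shell would treat `;` as a command separator; the hardened version never reaches `subprocess` because the allowlist rejects the value, and even an allowlist gap would leave the argv form without a shell to interpret metacharacters.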

References:

Configuration

Example

Example configuration:

---
security_tests:
  frontend_command_injection:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.