RSPEC-4829

Reading the Standard Input is security-sensitive

    Details

    • Type: Security Hotspot Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Make sure that reading the standard input is safe here.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C, C++, Cobol, Go, Kotlin, Objective-C, PL/I, RPG, Ruby, Rust, Scala, Swift, TypeScript, VB6
    • Covered Languages:
      C#, Java, JavaScript, PHP, Python, VB.Net
    • Irrelevant for Languages:
      APEX, CSS, HTML, PL/SQL, T-SQL, XML
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-20

      Description

      Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:

      It is common for attackers to craft inputs that exploit software vulnerabilities. Standard input is frequently fed by another process (a CGI or web-server wrapper, a shell pipeline, a CI job) rather than typed by an interactive user, so its contents may be entirely attacker-controlled. Any data read from the standard input (stdin) can therefore be dangerous and should be validated before use.

      This rule flags code that reads from the standard input.

      Ask Yourself Whether

      • data read from the standard input is not sanitized before being used.

      You are at risk if you answered yes to this question.

      Recommended Secure Coding Practices

      Sanitize all data read from the standard input before using it.
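      The following is an added example for this recommendation, not code from the rule page or from SonarSource. It models a hypothetical tool that reads "<hostname> <port>" lines from stdin and builds a port-probe command from each; the noncompliant variant splices the raw fields into a shell string, the compliant variant bounds the input, validates each field against an allowlist and passes the result as argv. Commands are returned rather than executed so the block runs offline, and the sample input is constructed.

```python
"""Treat standard input as untrusted: validate every field before use.

Added example, not code from the rule page. It models a hypothetical tool
that reads "<hostname> <port>" lines from stdin and builds a port-probe
command from each; the command is returned as argv rather than executed so
the example runs offline.
"""
import re
import sys
from typing import Iterable, List, Tuple

MAX_LINE_CHARS = 256   # per-line bound: stdin may be an attacker-fed stream
MAX_LINES = 1000       # bound the total work an untrusted stream can cause
# Allowlists (what is permitted), not denylists (what is forbidden).
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(\.{LABEL})*$")
PORT_RE = re.compile(r"^[0-9]{1,5}$")   # str.isdigit() would also accept "٤٤٣"


def unsafe_commands(lines: Iterable[str]) -> List[str]:
    """Noncompliant: stdin fields are spliced unvalidated into a shell string.
    Only builds the string, so the injection is visible without running it."""
    cmds = []
    for raw in lines:
        host, port = raw.rstrip("\r\n").split(" ", 1)
        cmds.append(f"nc -z {host} {port}")   # "; rm -rf /" rides along
    return cmds


def validate_line(lineno: int, raw: str) -> Tuple[str, int]:
    """Return (host, port) for one line or raise ValueError explaining why."""
    if len(raw) > MAX_LINE_CHARS:
        raise ValueError(f"line {lineno}: longer than {MAX_LINE_CHARS} chars")
    line = raw.rstrip("\r\n")
    # Control characters would let input forge log lines or drive a terminal.
    if any(c < " " or c == "\x7f" for c in line):
        raise ValueError(f"line {lineno}: control character")
    parts = line.split(" ")
    if len(parts) != 2:
        raise ValueError(f"line {lineno}: expected '<hostname> <port>'")
    host, port = parts
    if len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError(f"line {lineno}: hostname not allowed")
    if not PORT_RE.match(port) or not 1 <= int(port) <= 65535:
        raise ValueError(f"line {lineno}: port out of range")
    return host, int(port)


def safe_commands(lines: Iterable[str]) -> Tuple[List[List[str]], List[str]]:
    """Compliant: validate, then pass fields as argv (no shell to inject).
    Returns (accepted argv lists, rejection reasons); blank lines are skipped."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(lines, 1):
        if lineno > MAX_LINES:
            rejected.append(f"line {lineno}: input truncated at {MAX_LINES} lines")
            break
        if not raw.strip():
            continue
        try:
            host, port = validate_line(lineno, raw)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        accepted.append(["nc", "-z", host, str(port)])
    return accepted, rejected


# Constructed sample stream (not real data): one good line, three hostile ones.
SAMPLE_INPUT = [
    "example.com 443\n",
    "internal.host 22; rm -rf / 22\n",   # shell metacharacters in the port field
    "evil.example\x1b[2Jcleared 80\n",   # ANSI escape aimed at whoever tails the log
    "example.org 70000\n",               # out-of-range port
]

if __name__ == "__main__":
    # Real use: `printf 'example.com 443\n' | python3 stdin_validate.py`
    ok, bad = safe_commands(sys.stdin)
    for argv in ok:
        print(argv)
    for reason in bad:
        print("rejected:", reason, file=sys.stderr)
```

      Two design choices matter here: the fields are checked against what is allowed (an allowlist) rather than scanned for known-bad characters, and the validated values are handed to the program as an argv list so that no shell ever parses them. Per-line and total-line bounds are applied before any parsing, since a stream on stdin can be arbitrarily large.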

      See:

        Issue Links

          1. java RSPEC-4854 Language-Specification Active Unassigned
          2. C# RSPEC-4892 Language-Specification Active Unassigned
          3. VB.NET RSPEC-4967 Language-Specification Active Unassigned
          4. JavaScript RSPEC-5085 Language-Specification Active Unassigned
          5. PHP RSPEC-5101 Language-Specification Active Unassigned
          6. Python RSPEC-5198 Language-Specification Active Unassigned

        People

          • Assignee: Unassigned
          • Reporter: Nicolas Harraudeau (nicolas.harraudeau)
          • Votes: 0
          • Watchers: 2