Untrusted input used in security decision

ID

rust.untrusted_input.untrusted_input_in_security_decision

Severity

low

Resource

Untrusted Input

Language

Rust

Description

Untrusted input flows into security-sensitive operation '$SINK'. Values from std::env functions (args, current_exe, temp_dir) can be manipulated by users and should not be trusted for security-critical decisions. Validate against an allowlist or use a safer alternative.

Rationale

Untrusted input flows into security-sensitive operation '$SINK'. Values from std::env functions (args, current_exe, temp_dir) can be manipulated by users and should not be trusted for security-critical decisions. Validate against an allowlist or use a safer alternative.

The following code illustrates a vulnerable pattern detected by this rule:

use std::process::Command;

fn bad_command_from_args() {
    // VULNERABLE: Untrusted input used in security decision
    // argv[1] is attacker-controlled and is used unvalidated as the program to execute.
    let args: Vec<String> = std::env::args().collect();
    let program = &args[1];
    Command::new(program).spawn().unwrap();
}

Remediation

Do not pass values obtained from std::env (args, current_exe, temp_dir) directly into a security-sensitive operation. Validate the value against an allowlist of permitted values before using it, or replace the operation with a safer alternative that does not depend on the untrusted value.
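The following is an added remediation example, not code from the rule page: the argument from std::env::args() is mapped through a fixed allowlist to a hard-coded program path, so the untrusted token never names the executable. The subcommand names and paths in the allowlist are constructed for illustration.

```rust
use std::process::Command;

// Constructed allowlist: the only subcommands this tool may run, each bound to a
// fixed absolute path so argv never chooses the executable directly.
const ALLOWED_PROGRAMS: &[(&str, &str)] = &[
    ("list", "/bin/ls"),
    ("date", "/bin/date"),
];

/// Map an untrusted command-line token to an allowlisted program path.
/// Anything not in the allowlist (paths, relative names, case variants)
/// yields None.
pub fn resolve_program(token: &str) -> Option<&'static str> {
    ALLOWED_PROGRAMS
        .iter()
        .find(|(name, _)| *name == token)
        .map(|(_, path)| *path)
}

/// Validate argv[1] against the allowlist before anything is spawned.
/// A missing argument is an error rather than a panic on `args[1]`.
pub fn choose_program(args: &[String]) -> Result<&'static str, String> {
    let token = args.get(1).ok_or_else(|| "missing subcommand".to_string())?;
    resolve_program(token).ok_or_else(|| format!("subcommand {:?} is not allowed", token))
}

fn main() {
    let args: Vec<String> = std::env::args().collect();
    match choose_program(&args) {
        Ok(path) => {
            // Only an allowlisted, hard-coded path reaches the sink.
            let status = Command::new(path).status().expect("failed to spawn");
            std::process::exit(status.code().unwrap_or(1));
        }
        Err(e) => {
            eprintln!("error: {e}");
            std::process::exit(2);
        }
    }
}
```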

Configuration

This detector does not need any configuration.