Merge pull request #100 from Ostorlab/command_injection

Adding command injection entry

WEB_SERVICE/WEB/_CRITICAL/COMMAND_INJECTION/description.md

@@ -0,0 +1,28 @@
+Command injection is a security breach that allows unauthorized execution of commands within a server's operating system. It occurs when an application inadvertently transfers unverified user inputs (from forms, cookies, HTTP headers, etc.) directly to the system shell. This enables attackers to execute their own commands, typically with the same permissions as the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
+
+### Examples
+
+#### Java
+
+```java
+String userInput = request.getParameter("input");
+Runtime.getRuntime().exec("ls " + userInput);
+```
+
+#### Javascript
+
+```javascript
+const userInput = req.body.input;
+const exec = require('child_process').exec;
+exec('ls ' + userInput, (error, stdout, stderr) => {
+  console.log(stdout);
+});
+```
+
+#### Php
+
+```php
+$userInput = $_GET['input'];
+system('ls ' . $userInput);
+```
+

WEB_SERVICE/WEB/_CRITICAL/COMMAND_INJECTION/meta.json

@@ -0,0 +1,25 @@
+{
+  "risk_rating": "critical",
+  "short_description": "The web server application is susceptible to a remote command injection vulnerability.",
+  "references": {
+    "OWASP":"https://owasp.org/www-community/attacks/Command_Injection"
+  },
+  "title": "Command Injection",
+  "privacy_issue": false,
+  "security_issue": true,
+  "categories": {
+    "CWE_TOP_25": [
+      "CWE_20",
+      "CWE_78"
+    ],
+    "GDPR": [
+      "ART_5",
+      "ART_32"
+    ],
+    "PCI_STANDARDS":[
+      "REQ_6_2",
+      "REQ_6_3",
+      "REQ_11_3"
+    ]
+  }
+}

WEB_SERVICE/WEB/_CRITICAL/COMMAND_INJECTION/recommendation.md

@@ -0,0 +1,57 @@
+To mitigate the command injection vulnerability, here are some recommendations:
+
+- __Input Validation and Sanitization__: Always validate and sanitize user inputs. Ensure that any user-supplied data passed to the system shell or command execution functions is sanitized and restricted to expected characters or patterns.
+
+
+- __Least Privilege Principle__: Run your application or services with the least possible privileges required to perform necessary actions. Avoid running services with superuser or administrator privileges.
+
+
+- __Avoid Executing User-Supplied Input__: Refrain from executing user-supplied data directly within commands or system shells. Validate and use whitelists or predefined options wherever possible.
+
+
+- __Use Security Libraries__: Employ security-focused libraries or frameworks that handle user inputs and command execution securely. These libraries often provide functions or methods that mitigate common vulnerabilities.
+
+### Examples
+
+#### Java
+
+```java
+Scanner scanner = new Scanner(System.in);
+
+System.out.print("Enter the file name: ");
+String userInput = scanner.nextLine(); // Takes user input
+
+// Sanitize user input to prevent command injection
+String sanitizedInput = userInput.replaceAll("[^A-Za-z0-9]", ""); // Example sanitization
+
+// Command execution
+ProcessBuilder processBuilder = new ProcessBuilder("ls", "-l", sanitizedInput);
+
+// Redirect error stream to output
+processBuilder.redirectErrorStream(true);
+
+Process process = processBuilder.start();
+```
+
+#### Php
+
+```php
+<?php
+// User-supplied filename
+$userInput = $_POST['filename']; // Example: 'file.txt'
+
+// Validate and sanitize user input
+if (preg_match('/^[a-zA-Z0-9_\.]+$/', $userInput)) { // Validate against alphanumeric and dot
+    // Safely escape the user input to prevent command injection
+    $escapedInput = escapeshellarg($userInput);
+
+    // Command execution using the sanitized input
+    $command = "ls -l " . $escapedInput;
+    $output = shell_exec($command);
+
+    echo "<pre>$output</pre>";
+} else {
+    echo "Invalid filename input!";
+}
+?>
+```