| Code | Severity | i18n | Experimental |
|---|---|---|---|
| unsafe-command | Warning |
sast_warnings.unsafe_command |
✅ |
Detects potentially dangerous use of child process execution functions from the child_process module. Spawning system-level commands can introduce security risks, especially if user-controlled input is involved or if the command itself is sensitive (e.g., tools that query or change system configurations).
Note
This rule is experimental. The list of suspicious commands is not exhaustive and will evolve over time.
The probe has different detection modes depending on the sensitivity level:
Detects usage of specific unsafe commands:
csrutil- System Integrity Protection configurationuname- System informationping- Network connectivity testingcurl- HTTP requests and downloads
Flags any usage of child_process execution methods, regardless of the command.
The probe monitors the following child_process methods:
child_process.spawn()child_process.spawnSync()child_process.exec()child_process.execSync()
import { spawn, exec } from "child_process";
// Detected in conservative mode: Known unsafe commands
spawn("csrutil", ["status"]);
spawn("uname", ["-a"]);
exec("ping google.com");
exec("curl https://malicious.com");
// Detected only in aggressive mode: Any command
spawn("ls", ["-la"]);
exec("echo hello");