Command Injection
Like OS Command Injection (CWE-78) but broader — not only the OS shell: any interpreter that assembles a command string from untrusted input (a database CLI, a mail client, a scripting engine) is exposed.
GateTest coverage
Caught by: security, crossFileTaint
Example
subprocess.run('git pull origin ' + branch, shell=True)
How to fix it
Use args arrays, not shell strings. Validate against allowlists. crossFileTaint flags taint reaching exec/spawn.
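The vulnerable one-liner above beside its hardened form, as an added example (not GateTest's code and not from the page): the fix is the argv list, and the allowlist regex, the extra ".." and trailing-slash checks, and the use of echo as a harmless stand-in for git in the demo are this example's own assumptions.

```python
import re
import subprocess

# Allowlist for branch names (assumption: a conservative subset of what git accepts).
# First character must be alphanumeric, so option-like names such as "-c" are rejected;
# shell metacharacters (space, ';', '|', '$', '(', backtick, quotes) are simply not in the class.
BRANCH_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$")


def validate_branch(branch: str) -> str:
    """Return branch unchanged if it matches the allowlist, otherwise raise ValueError."""
    if not BRANCH_RE.fullmatch(branch) or ".." in branch or branch.endswith("/"):
        raise ValueError(f"refusing branch name: {branch!r}")
    return branch


def build_pull_command_unsafe(branch: str) -> str:
    """The pattern from the page: a shell string built by concatenation (vulnerable).
    Whatever the caller passes is re-parsed by /bin/sh, so ';', '&&', '$(...)' all work."""
    return "git pull origin " + branch


def build_pull_command(branch: str) -> list:
    """Hardened: validated input placed in an argv list. With shell=False the branch
    is handed to git as one argument and no shell ever tokenises it."""
    return ["git", "pull", "origin", validate_branch(branch)]


def run_argv(argv: list) -> str:
    """Run an argv list without a shell and return its stdout (demo helper)."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    crafted = "main; echo INJECTED"  # constructed hostile input, echo stands in for git

    # Shell-string path: the shell sees two commands and runs both.
    out = subprocess.run("echo pulling " + crafted, shell=True,
                         capture_output=True, text=True).stdout
    print(repr(out))  # 'pulling main\nINJECTED\n'

    # argv path: the whole string is one argument to echo, nothing else runs.
    print(repr(run_argv(["echo", "pulling", crafted])))  # 'pulling main; echo INJECTED\n'

    # And the allowlist rejects it before any process is started at all.
    try:
        build_pull_command(crafted)
    except ValueError as exc:
        print(exc)
```

Note the two layers: the argv list removes the shell from the picture entirely, and the allowlist keeps option-looking or malformed names from ever reaching git. If a shell is genuinely unavoidable (a pipeline or redirection you cannot express in argv), shlex.quote on each validated value is the fallback, but it is never a substitute for the allowlist.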
Scan your repo for CWE-77
Free preview of findings. Pay per scan — no subscription. AI auto-fix PR included on the Scan + Fix tier.
Frequently asked questions
What is CWE-77 (Command Injection)?
Like OS Command Injection (CWE-78) but broader — not only the OS shell: any interpreter that assembles a command string from untrusted input (a database CLI, a mail client, a scripting engine) is exposed.
How do I fix command injection?
Use args arrays, not shell strings. Validate against allowlists. crossFileTaint flags taint reaching exec/spawn.
Does GateTest detect command injection?
Yes — GateTest's security and crossFileTaint modules catch this class. Findings appear in the standard scan output with file and line numbers. On the Scan + Fix and Forensic Scan tiers, Claude opens a pull request with the fix.
What rank is Command Injection in the CWE Top 25?
Command Injection is ranked #16 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).