CWE Top 25 — #23

Code Injection

CWE-94

User input is evaluated as code: eval() or new Function() in JavaScript, exec()/eval() in Python, or a template engine that evaluates expressions supplied by the user (server-side template injection). Whatever the attacker writes runs with the privileges of your process.

GateTest coverage

Caught by: security, crossFileTaint

Example

const result = eval(req.body.expression) — attacker passes 'process.exit(1)' and your server falls over. That is the best case: anything the process can do, the attacker can now do, including reading environment variables and secrets, touching the filesystem and opening network connections, all with the server's privileges.

How to fix it

Never pass user input to eval or new Function. Node's vm module is not a substitute: its own documentation states that it is not a security mechanism and must not be used to run untrusted code. For dynamic logic, parse the input into an expression AST with a purpose-built evaluator (mathjs, jsep) and evaluate it against an explicit allow-list of functions and variables, so the input can never name require, process or an object prototype. security and crossFileTaint flag eval / new Function sinks.

Scan your repo for CWE-94

Free preview of findings. Pay per scan — no subscription. AI auto-fix PR included on the Scan + Fix tier.

Frequently asked questions

What is CWE-94 (Code Injection)?

User input is evaluated as code: eval() or new Function() in JavaScript, exec()/eval() in Python, or a template engine that evaluates expressions supplied by the user (server-side template injection). Whatever the attacker writes runs with the privileges of your process.

How do I fix code injection?

Never pass user input to eval or new Function. Node's vm module is not a substitute: its own documentation states that it is not a security mechanism and must not be used to run untrusted code. For dynamic logic, parse the input into an expression AST with a purpose-built evaluator (mathjs, jsep) and evaluate it against an explicit allow-list of functions and variables, so the input can never name require, process or an object prototype. security and crossFileTaint flag eval / new Function sinks.
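The fix described in "How to fix it" and in this answer, worked through as an added example (not GateTest's code and not from mathjs or jsep): the eval() sink from the page beside a parse-then-evaluate replacement. The parser is hand-written so the example runs with no dependencies; with jsep you would keep the same evaluate() walk and call jsep in place of parse(). The function names (safeEvaluate, isRejected), the contents of ALLOWED_FUNCTIONS and the sample expressions are choices made for this example, not anything the page specifies.

```javascript
// Added example (not GateTest's code): the page's eval() sink beside a
// parse-then-evaluate replacement with an explicit allow-list. The parser is
// hand-written so this runs with no dependencies; with jsep you would keep
// the same evaluate() walk and call jsep in place of parse().

function unsafeEvaluate(expression) {
  return eval(expression); // the CWE-94 sink from the page, kept for contrast
}

// Every callable an expression may name (illustrative set). Nothing else resolves.
const ALLOWED_FUNCTIONS = Object.freeze({ abs: Math.abs, min: Math.min, max: Math.max, sqrt: Math.sqrt });

// Lexer: numbers, identifiers and a fixed operator set. Quotes, dots, brackets
// and backticks never become tokens, so nothing downstream can act on them.
function tokenize(src) {
  if (typeof src !== 'string' || src.length > 256) throw new Error('rejected: not a string or too long');
  const text = src.trim();
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_][A-Za-z0-9_]*)|([-+*/(),]))/y;
  const tokens = [];
  for (let pos = 0; pos < text.length; pos = re.lastIndex) {
    re.lastIndex = pos;
    const m = re.exec(text);
    if (m === null) throw new Error(`unexpected character at position ${pos}`);
    if (m[1] !== undefined) tokens.push({ type: 'num', value: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ type: 'ident', value: m[2] });
    else tokens.push({ type: 'op', value: m[3] });
  }
  return tokens;
}

// Recursive-descent parser to a small AST:
//   expr := term (('+'|'-') term)*    term := unary (('*'|'/') unary)*
//   unary := '-' unary | primary       primary := num | ident ['(' args ')'] | '(' expr ')'
function parse(tokens) {
  let i = 0;
  const isOp = (v) => i < tokens.length && tokens[i].type === 'op' && tokens[i].value === v;
  const next = () => { if (i >= tokens.length) throw new Error('unexpected end'); return tokens[i++]; };
  const expect = (v) => { if (!isOp(v)) throw new Error(`expected '${v}'`); i++; };
  function primary() {
    const t = next();
    if (t.type === 'num') return { kind: 'num', value: t.value };
    if (t.type === 'ident') {
      if (!isOp('(')) return { kind: 'var', name: t.value };
      i++;
      const args = [];
      if (!isOp(')')) { args.push(expr()); while (isOp(',')) { i++; args.push(expr()); } }
      expect(')');
      return { kind: 'call', name: t.value, args };
    }
    if (t.type === 'op' && t.value === '(') { const inner = expr(); expect(')'); return inner; }
    throw new Error(`unexpected token '${t.value}'`);
  }
  function unary() { return isOp('-') ? (i++, { kind: 'neg', arg: unary() }) : primary(); }
  function binary(operand, ops) { // left-associative chain of one precedence level
    let node = operand();
    while (ops.some(isOp)) node = { kind: 'bin', op: next().value, left: node, right: operand() };
    return node;
  }
  function term() { return binary(unary, ['*', '/']); }
  function expr() { return binary(term, ['+', '-']); }
  const ast = expr();
  if (i !== tokens.length) throw new Error('trailing input after expression');
  return ast;
}

// Evaluator: identifiers resolve only against own properties of the caller-supplied
// variables (so 'constructor' never reaches a prototype), calls only against
// ALLOWED_FUNCTIONS. There is no path from the input to the JavaScript runtime.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
function evaluate(node, vars) {
  switch (node.kind) {
    case 'num': return node.value;
    case 'var':
      if (!own(vars, node.name) || typeof vars[node.name] !== 'number') throw new Error(`bad variable '${node.name}'`);
      return vars[node.name];
    case 'call':
      if (!own(ALLOWED_FUNCTIONS, node.name)) throw new Error(`function not allowed: '${node.name}'`);
      return ALLOWED_FUNCTIONS[node.name](...node.args.map((a) => evaluate(a, vars)));
    case 'neg': return -evaluate(node.arg, vars);
    default: { // 'bin'
      const l = evaluate(node.left, vars), r = evaluate(node.right, vars);
      if (node.op === '+') return l + r;
      if (node.op === '-') return l - r;
      if (node.op === '*') return l * r;
      if (r === 0) throw new Error('division by zero');
      return l / r;
    }
  }
}

// Drop-in for eval(req.body.expression): string in, number or thrown Error out.
function safeEvaluate(expression, vars = {}) {
  return evaluate(parse(tokenize(expression)), vars);
}

// True if safeEvaluate refuses the input; used to show the rejected payloads.
function isRejected(expression, vars = {}) {
  try { safeEvaluate(expression, vars); return false; } catch (e) { return true; }
}
```

The design point is that the input is never handed to the runtime: 'process.exit(1)' and 'require("child_process")' fail in the lexer because '.' and '"' are not tokens, 'constructor' fails in the evaluator because variables are looked up as own properties only, and 'pow(2, 3)' fails because pow is not in the allow-list. Swapping in jsep or mathjs buys a richer grammar, not a different security model: the allow-list and the own-property lookup are still what keep the evaluator closed.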

Does GateTest detect code injection?

Yes. GateTest's security and crossFileTaint modules catch this class. Findings appear in the standard scan output with file and line numbers. On the Scan + Fix and Forensic Scan tiers, Claude opens a pull request with the fix.

What rank is Code Injection in the CWE Top 25?

Code Injection is ranked #23 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).

Related CWEs