4. Command Injection via Insecure Wrappers

Improperly validated input passed to shell commands (e.g., via os.system()) allows remote code execution (RCE).

Example:

os.system(user_input)

Mitigation: 

  • Use subprocess.run([…]) with an argument list rather than a shell string, so no shell parses the input
  • Apply allowlists and input validation
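
An added example (not code from the original page) of a wrapper that applies both mitigations: an allowlist of actions, argument validation, and subprocess.run() with an argument list. ALLOWED_ACTIONS, ARG_PATTERN, the action names and the helper functions are hypothetical, and the Python interpreter stands in for a real tool so the example runs offline.

```python
import re
import subprocess
import sys

# Hypothetical allowlist: action name -> fixed argv prefix. The Python
# interpreter stands in for a real tool so the example runs anywhere.
ALLOWED_ACTIONS = {
    "echo": [sys.executable, "-c", "import sys; print(sys.argv[1])"],
    "length": [sys.executable, "-c", "import sys; print(len(sys.argv[1]))"],
}

# Assumed argument policy: a hostname-like token that must not start with
# "-", so the target program can never read it as an option.
ARG_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def build_argv(action, arg):
    """Return the argv to execute, or raise ValueError on rejected input."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not allowed: {action!r}")
    if not ARG_PATTERN.fullmatch(arg):
        raise ValueError(f"argument rejected: {arg!r}")
    return [*ALLOWED_ACTIONS[action], arg]


def run_action(action, arg):
    """Run an allowlisted action without a shell and return its stdout."""
    result = subprocess.run(
        build_argv(action, arg),
        shell=False,          # argv is passed to exec directly; no shell parsing
        capture_output=True,
        text=True,
        timeout=5,
        check=True,
    )
    return result.stdout.strip()


def run_unvalidated(arg):
    """Argument list only, no validation: metacharacters stay literal data."""
    argv = [*ALLOWED_ACTIONS["echo"], arg]
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=5, check=True)
    return result.stdout.strip()
```

The argument list stops the shell from interpreting metacharacters; the allowlist and pattern additionally stop option-style arguments and unexpected commands from reaching the target program.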