Reliance on Untrusted Inputs in a Security Decision
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-807: Reliance on Untrusted Inputs in a Security Decision |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Using std::env::args() for security-related decisions is unsafe because command-line arguments can be easily manipulated by users and are not guaranteed to reflect the true executable path or intent. Relying on these values for authentication, authorization, or other security checks can introduce vulnerabilities.
Impact#
If an attacker can control or spoof command-line arguments, they might bypass security checks, gain unauthorized access, or cause the application to behave unexpectedly. This could lead to privilege escalation or unauthorized actions within the system.