Avoid shell invocation via Command | Critiq Docs

#Metadata

Rule ID: rust.security.shell-command-spawn
Severity: high
Confidence: 0.85
Languages: rust
Presets: security, strict
Stability: experimental
Applies to: block
Tags: command-injection, rules-catalog, rust, security, shell

#Why it matters

Shell interpretation expands attacker-controlled input into arbitrary command execution.

#Remediation

Invoke binaries directly with explicit arguments instead of routing through a shell.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/rust/rust.security.shell-command-spawn.rule.yaml.

Back to directory Open rule in repository