CX Command_Injection @ projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py [master]

**Command_Injection** issue exists @ **projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py** in branch **master**

*The application's input method calls an OS (shell) command with input, at line 17 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py, using an untrusted string with the command to execute. &nbsp;This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 17 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py.Similarity ID: -930650913

The application's input method calls an OS (shell) command with input, at line 18 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py, using an untrusted string with the command to execute. &nbsp;This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.The attacker may be able to inject the executed command via user input, input, which is retrieved by the application in the input method, at line 18 of projects\Terminal_progress_bar_with_images_resizing\progress_bar_ with_images_resizing.py.Similarity ID: 1630544287*

Severity: High

CWE:77

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/77.html)

[Internal Guidance](https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)

[Checkmarx](http://ec2amaz-3tsivek/CxWebClient/ViewerMain.aspx?scanid=1000008&projectid=4&pathid=31)

[Training](https://checkmarx-demo.codebashing.com/courses/)
[Recommended Fix](http://ec2amaz-3tsivek/CxWebClient/ScanQueryDescription.aspx?queryID=3101&queryVersionCode=85860858&queryTitle=Command_Injection)

Lines: [17](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L17) [18](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L18) 

---
[Code (Line #17):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L17)
```
path = input("Enter Path to images : ")
```
---
[Code (Line #18):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py#L18)
```
size = input("Size Height , Width : ")
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CX Command_Injection @ projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py [master] #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Command_Injection @ projects/Terminal_progress_bar_with_images_resizing/progress_bar_ with_images_resizing.py [master] #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions