deepanjanpal opened a new issue #2391: URL: https://github.com/apache/bookkeeper/issues/2391
**Static Source Code Security Scanner showing Command Injection vulnerability in Bookkeeper**

***OS Command Injection in Bookkeeper***

***To Reproduce***
Steps to reproduce the behavior:
1. Launch a source code scan with the Checkmarx Static Code Scanner.
2. After completion of the source code scan, the tool throws an OS command injection vulnerability against the files mentioned in the attached document.

***Expected behavior***
OS Command Injection vulnerability should not be present in any files of Bookkeeper. All user input should be sanitized to check for any OS commands and either whitelist or blacklist those commands.

[Pravega_Bookkeeper_OS Command Injection.xlsx](https://github.com/apache/bookkeeper/files/4994467/Pravega_Bookkeeper_OS.Command.Injection.xlsx)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
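The pattern a scanner such as Checkmarx reports as OS command injection, and the remediation the report asks for, as an added Java example that is not code from BookKeeper or from the attached spreadsheet: a hypothetical `vulnerableListing` splices an untrusted string into a `sh -c` command line, and a hypothetical `hardenedListing` validates the value against an allowlist, never invokes a shell, and passes each argument as its own `argv` entry. The class name, method names and the `ls -l` command are assumptions for illustration; the demo assumes a POSIX host with `/bin/sh` and `ls` available.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class CommandInjectionExample {

    // Flagged pattern (hypothetical, not BookKeeper code): untrusted text is concatenated
    // into a command line that a shell then parses. A value such as "/tmp; echo INJECTED"
    // is interpreted by sh as two separate commands.
    static Process vulnerableListing(String dirFromUser) throws IOException {
        String cmd = "ls -l " + dirFromUser;
        return Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", cmd});
    }

    // Allowlist, not a blacklist of shell metacharacters: only letters, digits, '.', '_',
    // '-' and '/' are accepted, no ".." traversal, and no leading '-' so the value cannot
    // be parsed as an option by the target program. Anything else is rejected outright.
    private static final Pattern SAFE_PATH = Pattern.compile("^[A-Za-z0-9._/-]+$");

    static String validateDir(String dirFromUser) {
        if (dirFromUser == null
                || !SAFE_PATH.matcher(dirFromUser).matches()
                || dirFromUser.contains("..")
                || dirFromUser.startsWith("-")) {
            throw new IllegalArgumentException("rejected directory argument: " + dirFromUser);
        }
        return dirFromUser;
    }

    // Hardened form: validated value, no shell involved, one argv entry per argument, and
    // "--" so that even an unexpected value is never read as an option.
    static Process hardenedListing(String dirFromUser) throws IOException {
        String dir = validateDir(dirFromUser);
        List<String> argv = Arrays.asList("ls", "-l", "--", dir);
        return new ProcessBuilder(argv).redirectErrorStream(true).start();
    }

    // Drains stdout (and, for ProcessBuilder with redirectErrorStream, stderr) and waits
    // for the child so the demo does not leak processes.
    static String readAll(Process p) throws IOException, InterruptedException {
        StringBuilder sb = new StringBuilder();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) {
                sb.append(line).append('\n');
            }
        }
        p.waitFor();
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed hostile input: a directory followed by an injected second command.
        String hostile = "/tmp; echo INJECTED";

        System.out.println("--- vulnerable: shell runs both commands ---");
        System.out.print(readAll(vulnerableListing(hostile)));

        System.out.println("--- hardened: same input is rejected before any process starts ---");
        try {
            hardenedListing(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }

        System.out.println("--- hardened: a plain path still works, via argv without a shell ---");
        System.out.print(readAll(hardenedListing("/tmp")));
    }
}
```

Two points the example is meant to make visible. First, the fix that removes the scanner finding is not escaping metacharacters but removing the shell from the call path: with `ProcessBuilder` and a `List<String>` of arguments, `;`, `|`, `$(...)` and backticks are inert because nothing parses them. Second, validation is still needed even without a shell, because a value such as `-R` or `../../etc` is a legitimate argv entry to the child program; an allowlist of accepted characters plus a `--` separator closes that argument-injection path, whereas a blacklist of known-bad tokens has to be complete to be effective.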
