# Improper Control of Generation of Code ('Code Injection') (CWE-94)

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

**Stack:** Python

- Prevalence: High, frequently exploited
- Impact: Critical, 6 critical-severity rules
- Prevention: Documented, 10 fix examples

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

When software allows a user's input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the software. Such an alteration could lead to arbitrary code execution.

## Prevention

Prevention strategies for Code Injection, based on 4 Shoulder detection rules.

### Key Practices

- Dangerous functions should be avoided or heavily restricted
- LLM outputs should be treated as untrusted input since:
  - Prompt injection attacks can manipulate AI responses
  - LLMs can hallucinate and produce unexpected outputs
  - Model behavior may change between versions
- Dangerous operations include:
  - Code execution (eval, exec, compile)
  - Command execution (os

### Python

- Use ast.literal_eval() for safe evaluation or avoid eval/exec entirely
- Replace eval/exec with ast.literal_eval, JSON parsing, or subprocess with shell=False
- Validate and sanitize LLM outputs with Pydantic before using in dangerous operations like eval, exec, or SQL

## Warning Signs

- [HIGH] LLM/AI outputs being used directly in dangerous operations without proper validation or sanitization
- [CRITICAL] untrusted user input flowing into code evaluation functions (eval, exec, compile)
- [CRITICAL] usage of dangerous Python functions that can lead to arbitrary code execution: eval(), exec(), compi
- [CRITICAL] user input used directly in template rendering, allowing arbitrary code execution

## Consequences

- Execute unauthorized code
- Read application data
- Modify application data

## Mitigations

- Refactor code to avoid using eval() or equivalent functions
- Run code in a sandbox that enforces strict boundaries
- Use static type checking where possible

## Detection

- Total rules: 10
- Critical: 6
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (4 rules)

- **Code Injection via eval/exec** [CRITICAL]: Detects untrusted user input flowing into code evaluation functions (eval, exec, compile).
  - Remediation: Use ast.literal_eval() for safe evaluation of literals.

  ```python
  import ast

  # Parses Python literals only; raises ValueError or SyntaxError on anything else
  parsed = ast.literal_eval(user_input)
  ```

  Learn more: https://shoulder.dev/learn/python/cwe-94/code-injection

- **Dangerous Function Usage** [CRITICAL]: Detects usage of dangerous Python functions that can lead to arbitrary code execution: eval(), exec(), compile(), __import__() with user input, or pickle deserialization. These should be avoided or heavily restricted.
  - Remediation: Use ast.literal_eval() for safe literal evaluation, JSON for serialization, and subprocess with shell=False.

  ```python
  import ast
  import json
  import subprocess

  # Safe literal evaluation (numbers, strings, lists, dicts only)
  result = ast.literal_eval(user_input)

  # Safe serialization (use JSON instead of pickle)
  data = json.loads(user_input)

  # Safe subprocess (use argument list, not shell)
  subprocess.run(['ping', '-c', '1', host], shell=False, timeout=30)
  ```

  Learn more: https://shoulder.dev/learn/python/cwe-94/dangerous-functions

- **LLM Insecure Output Handling** [HIGH]: Detects LLM/AI outputs being used directly in dangerous operations without proper validation or sanitization. OWASP LLM02 - Insecure Output Handling.
  LLM outputs should be treated as untrusted input since:
  - Prompt injection attacks can manipulate AI responses
  - LLMs can hallucinate and produce unexpected outputs
  - Model behavior may change between versions

  Dangerous operations include:
  - Code execution (eval, exec, compile)
  - Command execution (os.system, subprocess)
  - SQL queries (cursor.exe

  - Remediation: Validate LLM outputs with Pydantic before using in sensitive operations.

  ```python
  # Pydantic v1-style API (validator, parse_raw); Pydantic v2 names these
  # field_validator and model_validate_json.
  from pydantic import BaseModel, validator
  import re

  class SearchResponse(BaseModel):
      terms: list[str]

      @validator('terms', each_item=True)
      def validate_term(cls, v):
          # Allow only letters, digits and whitespace in each search term
          if not re.match(r'^[a-zA-Z0-9\s]+$', v):
              raise ValueError('Invalid search term')
          return v

  # response is the chat completion object returned by the LLM client
  validated = SearchResponse.parse_raw(response.choices[0].message.content)
  ```

  Learn more: https://shoulder.dev/learn/python/cwe-94/llm-insecure-output-handling

- **Server-Side Template Injection (SSTI)** [CRITICAL]: Detects user input used directly in template rendering, allowing arbitrary code execution.
  - Remediation: Use template files with render_template(), not render_template_string().

  ```python
  return render_template('page.html', name=user_name)
  ```

  Learn more: https://shoulder.dev/learn/python/cwe-94/ssti
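The eval/exec and SSTI warning signs above can be approximated with a small static check. This is an added illustration, not Shoulder's rule implementation. It is purely syntactic (no data-flow tracking) and reports calls whose first argument is not a literal constant. The names `find_dangerous_calls`, `DANGEROUS_CALLS` and `SAMPLE` are made up for this example.

```python
import ast

# Names from the rules above: eval/exec/compile/__import__ plus the SSTI sink.
DANGEROUS_CALLS = {"eval", "exec", "compile", "__import__", "render_template_string"}

def _call_name(node):
    """Name for `f(...)`, or for `builtins.f(...)` / `flask.f(...)`; else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    # Other attribute calls (re.compile, DataFrame.eval) are deliberately ignored.
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id in {"builtins", "flask"}):
        return func.attr
    return None

def find_dangerous_calls(source):
    """Return sorted (line, name) pairs for dangerous calls on non-constant input."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        name = _call_name(node) if isinstance(node, ast.Call) else None
        if name not in DANGEROUS_CALLS:
            continue
        # A hard-coded literal cannot carry attacker input; a variable,
        # concatenation, f-string or call result can, so report those.
        if node.args and isinstance(node.args[0], ast.Constant):
            continue
        findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample; it is parsed only, never executed.
SAMPLE = '''\
import ast
from flask import request, render_template_string

def calc():
    return str(eval(request.args["expr"]))

def greet():
    return render_template_string("Hello " + request.args["name"])

def ok():
    return ast.literal_eval("[1, 2, 3]"), eval("1 + 1")
'''

if __name__ == "__main__":
    for line, name in find_dangerous_calls(SAMPLE):
        print(f"line {line}: {name}() called with a non-constant argument")
```

Because the check does not trace where a value came from, a finding means "review this call", not "confirmed injection".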