MetaCredo.
View Source
Detects System.cmd, os:cmd, :os.cmd, or similar execution calls
with user-controlled arguments. Passing user input to system commands
can lead to command injection vulnerabilities.
Use allow-lists, sanitize inputs, or avoid shelling out entirely.
Category: Warning / Priority: high