GuardAPI
Automated Security Protocol

How to fix Command Injection in Salvo

Executive Summary

Command injection in Rust's Salvo framework typically occurs when user-supplied data is concatenated into shell commands executed via 'std::process::Command'. If an attacker can inject shell metacharacters like ';', '&', or '|', they can execute arbitrary code on the underlying host. The fix involves moving away from shell execution strings and using discrete argument passing.

The Vulnerable Pattern

VULNERABLE CODE
use salvo::prelude::*;
use std::process::Command;

#[handler]
async fn ping_host(req: &mut Request, res: &mut Response) {
    let host = req.query::<String>("host").unwrap_or_default();
    // VULNERABLE: Direct string interpolation into a shell context
    let output = Command::new("sh")
        .arg("-c")
        .arg(format!("ping -c 3 {}", host))
        .output();

    match output {
        Ok(o) => res.render(String::from_utf8_lossy(&o.stdout).to_string()),
        Err(_) => res.set_status_code(StatusCode::INTERNAL_SERVER_ERROR),
    }
}

The Secure Implementation

The vulnerable code invokes a shell ('sh -c') and passes a formatted string. An attacker could provide input like '127.0.0.1; cat /etc/passwd' to execute secondary commands. The secure version calls the binary directly ('ping') and passes the input as a discrete argument via '.arg()'. This prevents the OS from interpreting shell metacharacters within the input, effectively neutralizing the injection vector.

SECURE CODE
use salvo::prelude::*;
use std::process::Command;

#[handler]
async fn ping_host(req: &mut Request, res: &mut Response) {
    let host = req.query::<String>("host").unwrap_or_default();

    // SECURE: Pass arguments individually to avoid shell interpretation
    // Also, validate input format (e.g., regex for IP/hostname)
    let output = Command::new("ping")
        .arg("-c")
        .arg("3")
        .arg(&host) // Input is treated as a literal argument, not part of a command string
        .output();

    match output {
        Ok(o) => res.render(String::from_utf8_lossy(&o.stdout).to_string()),
        Err(_) => res.set_status_code(StatusCode::INTERNAL_SERVER_ERROR),
    }
}
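The secure handler above leaves the "validate input format" step as a comment. The following is an added example, not code from this page or from the Salvo project, that factors both steps out of the handler so they can be unit tested without spawning anything: `validate_host` is an allow-list check (a literal IP address, or an RFC 1123 style hostname), `build_ping_command` constructs the `std::process::Command` with discrete arguments, and `argv` renders the exact argument vector the OS would receive. The names `validate_host`, `build_ping_command`, `argv` and `HostError` are hypothetical; the sample inputs are constructed, and include the `127.0.0.1; cat /etc/passwd` payload from the article. It depends only on the standard library.

```rust
use std::net::IpAddr;
use std::process::Command;

/// Why a host was rejected. Hypothetical error type for this example.
#[derive(Debug, PartialEq, Eq)]
pub enum HostError {
    Empty,
    TooLong,
    BadLabel(String),
}

/// Allow-list validation: a literal IPv4/IPv6 address, or an RFC 1123 style
/// hostname (letters, digits, hyphens; no label starts or ends with '-').
/// Anything else, including shell metacharacters and option-like values
/// beginning with '-', is rejected before any process is spawned.
pub fn validate_host(input: &str) -> Result<String, HostError> {
    let host = input.trim();
    if host.is_empty() {
        return Err(HostError::Empty);
    }
    // Literal IP addresses parse cleanly and need no further checks.
    if host.parse::<IpAddr>().is_ok() {
        return Ok(host.to_string());
    }
    if host.len() > 253 {
        return Err(HostError::TooLong);
    }
    for label in host.trim_end_matches('.').split('.') {
        let ok = !label.is_empty()
            && label.len() <= 63
            && !label.starts_with('-')
            && !label.ends_with('-')
            && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-');
        if !ok {
            return Err(HostError::BadLabel(label.to_string()));
        }
    }
    Ok(host.to_string())
}

/// Build the ping invocation with discrete arguments and no shell.
/// The host is always exactly one argv element, whatever it contains.
pub fn build_ping_command(host: &str) -> Command {
    let mut cmd = Command::new("ping");
    cmd.arg("-c").arg("3").arg(host);
    cmd
}

/// Render the argv the OS will receive, for inspection without executing.
pub fn argv(cmd: &Command) -> Vec<String> {
    std::iter::once(cmd.get_program())
        .chain(cmd.get_args())
        .map(|s| s.to_string_lossy().into_owned())
        .collect()
}

fn main() {
    // Constructed sample inputs, including the payload quoted in the article.
    let inputs = [
        "127.0.0.1",
        "example.com",
        "127.0.0.1; cat /etc/passwd",
        "-f",
        "2001:db8::1",
    ];
    for input in inputs {
        match validate_host(input) {
            Ok(host) => println!("{input:?} -> argv {:?}", argv(&build_ping_command(&host))),
            Err(e) => println!("{input:?} -> rejected: {e:?}"),
        }
    }
}
```

Two points worth noting. First, even with validation skipped, `argv(&build_ping_command("127.0.0.1; cat /etc/passwd"))` yields four elements, `["ping", "-c", "3", "127.0.0.1; cat /etc/passwd"]`: with no shell in the picture the `;` is just a byte in a hostname that `ping` will fail to resolve. Second, `.arg()` alone does not stop argument injection, where a value such as `-f` is taken by the child program as an option; that is what the allow-list's leading-hyphen rule is for. Inside an async Salvo handler, prefer `tokio::process::Command`, which has the same `arg()`/`output()` builder shape, over the blocking `std::process::Command::output()`.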


Verified by Ghost Labs Security Team
