pub fn command_injection(input: &str) -> String
Generates command injection variations for OS command injection testing.
Randomly inserts OS command separators (;, |, ||, &&, &, backticks, $())
between words with 33% probability. These separators chain commands together in a
shell, which makes the output useful for testing command injection vulnerabilities
where user input is passed to shell commands.
§Use Cases
- Red Team: Test OS command injection vulnerabilities
- Shell Injection: Inject additional commands into system calls
- Input Validation: Test if systems properly sanitize shell metacharacters
- Blue Team: Validate command injection prevention
§Examples
```rust
use redstr::command_injection;

let result = command_injection("ping example.com");
// Example: "ping;example.com" or "ping|example.com" (varies each run)
assert!(result.contains("ping") && result.len() >= "ping example.com".len());

// Chaining commands
let cmd = command_injection("ls -la");
// Example: "ls;-la" or "ls|-la"
// Could execute: ls; cat /etc/passwd

// Web application command injection
let input = command_injection("192.168.1.1");
// Example: "192.168.1.1;cat /etc/passwd"
// Tests: ping 192.168.1.1; cat /etc/passwd
```
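For the Blue Team and Input Validation use cases, the following added example (not part of redstr or its documentation) checks a ping-style handler against every separator the description lists. The names `separator_variants`, `is_safe_host`, `ping_command` and `accepted_variants` are hypothetical, and the variants are generated deterministically here rather than with the crate's random function, so the check is repeatable.

```rust
// Added example, not redstr code. `separator_variants`, `is_safe_host`,
// `ping_command` and `accepted_variants` are hypothetical names; inputs are constructed.
use std::net::IpAddr;
use std::process::Command;

/// Separators listed in the description above.
const SEPARATORS: [&str; 7] = [";", "|", "||", "&&", "&", "`", "$("];

/// Deterministic stand-in for the crate's random output: one variant per
/// (word gap, separator) pair, with that gap's whitespace replaced.
fn separator_variants(input: &str) -> Vec<String> {
    let words: Vec<&str> = input.split_whitespace().collect();
    let mut out = Vec::new();
    for gap in 1..words.len() {
        for sep in &SEPARATORS {
            out.push(format!("{}{}{}", words[..gap].join(" "), sep, words[gap..].join(" ")));
        }
    }
    out
}

/// Allowlist check: an IP literal, or a hostname of ASCII letters, digits,
/// '.' and '-' that does not start with '-' (ping would read that as an option).
fn is_safe_host(s: &str) -> bool {
    s.parse::<IpAddr>().is_ok()
        || (!s.is_empty()
            && s.len() <= 253
            && !s.starts_with('-')
            && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-'))
}

/// Builds (does not run) the ping call. The host is a single argv element and
/// no shell is involved, so separators are not interpreted even if validation regresses.
fn ping_command(host: &str) -> Option<Command> {
    if !is_safe_host(host) { return None; }
    let mut cmd = Command::new("ping");
    cmd.args(["-c", "1", host]);
    Some(cmd)
}

/// Variants the handler wrongly accepts; an empty result means the check holds.
fn accepted_variants(seed: &str) -> Vec<String> {
    separator_variants(seed).into_iter().filter(|v| ping_command(v).is_some()).collect()
}

fn main() {
    let leaks = accepted_variants("192.168.1.1 cat /etc/passwd");
    println!("{} variants accepted: {:?}", leaks.len(), leaks);
}
```

A single-word seed produces no variants with this generator, so seed it with the benign value followed by at least one extra word, as `main` does.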