privilege-escalation-methods

Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.

Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Avoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.

Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.

Restrict PowerShell execution to specific allowlisted commands. Use -ExecutionPolicy Restricted and avoid Invoke-Expression with dynamic strings.

Likely FP if the match is in documentation showing PowerShell setup for a legitimate tool (e.g., installing a module via Install-Module).

Pass arguments as an explicit list instead of a shell string. Set shell=False and validate all user-supplied values before inclusion.

Likely FP if the match is in documentation explaining Python subprocess usage or in a description mentioning it as a topic.

Validate cron expressions and scheduled commands against an allowlist. Ensure scheduled tasks cannot be modified by untrusted input and log all cron job changes.

Likely FP if the match is a documentation reference to crontab syntax or a short mention of cron in a description of scheduling concepts.