cybersecurity · intermediate · ~15 min · safe pentest lab
Recognize an injection attempt for logging / alerting purposes.
Implement int contains_shell_special(const char *s) returning 1 if the input contains any of the shell metacharacters ;, &, |, `, $, (, ), <, >, \n. Otherwise 0.
Detection, not sanitisation. The fix for actual command injection is execvp with argv — never escape, never grep-and-allow.
int contains_shell_special(const char *s) {
    /* TODO */
    return 0;
}
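A worked version of the detector next to the execvp-with-argv fix named above, as an added example that is not the exercise's reference solution. The names first_shell_special and run_with_arg and the sample input are assumptions made for illustration, and treating NULL as clean is a choice the exercise does not specify.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* The metacharacters listed in the exercise: ; & | ` $ ( ) < > and newline. */
static const char SHELL_SPECIAL[] = ";&|`$()<>\n";

/* Offset of the first listed metacharacter in s, or -1 if there is none. */
long first_shell_special(const char *s) {
    if (s == NULL)
        return -1;
    size_t i = strcspn(s, SHELL_SPECIAL);
    return s[i] != '\0' ? (long)i : -1;
}

/* The exercise's function: 1 if any listed metacharacter is present, else 0. */
int contains_shell_special(const char *s) {
    return first_shell_special(s) >= 0;
}

/* Hypothetical helper: alert on a hit, then pass the value to prog as one
 * argv element, so no shell parses it. The alert logs offset and byte value
 * only, so a '\n' in the input cannot forge a log line. Returns exit status. */
int run_with_arg(const char *prog, const char *untrusted) {
    long at = first_shell_special(untrusted);
    if (at >= 0)
        fprintf(stderr, "ALERT shell-metachar offset=%ld byte=0x%02x\n",
                at, (unsigned)(unsigned char)untrusted[at]);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)untrusted, NULL };
        execvp(prog, argv);
        _exit(127); /* reached only if execvp failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample input: echo prints it literally, nothing else runs. */
    return run_with_arg("echo", "report.txt; id");
}
```

Passing the value through argv stops shell interpretation, not option parsing: a value that starts with - can still be read as a flag by the target program, so put -- before it where the program supports that.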