codacy · DMarinhoCodacy · May 22, 2026 · May 22, 2026 · May 22, 2026 · May 22, 2026
diff --git a/docs/codacy-rules.yaml b/docs/codacy-rules.yaml
@@ -624,3 +624,27 @@ rules:
       confidence: HIGH
       references:
         - https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/
+  - id: codacy.c.security.avoid-std-system
+    languages: 
+      - cpp
+      - c
+    severity: WARNING
+    message: >
+      Detected a call to the standard `system()` function. This is dangerous 
+      as it can lead to Command Injection if untrusted input is passed. 
+      Ensure you are using safe alternatives or properly validating/sanitizing any input used in system calls.
+    patterns:
+      # Catch standard system calls, whether global or explicitly in std::
+      - pattern-either:
+          - pattern: system(...)
+          - pattern: std::system(...)
+          - pattern: ::system(...)
+      # Explicitly ignore calls to your custom namespace
+      - pattern-not: osutility::system(...)
+    metadata:
+      category: security
+      description: >
+        Detects calls to the standard `system()` function which can lead to Command Injection vulnerabilities.
+        Ensure safe alternatives or proper input validation/sanitization is used.
+      impact: MEDIUM
+      confidence: HIGH
diff --git a/docs/multiple-tests/codacy-rules/results.xml b/docs/multiple-tests/codacy-rules/results.xml
@@ -56,4 +56,9 @@
     <file name="codacy-shell.sh"> 
         <error source="codacy.bash.security.hard-coded-password" line="1" message="Hardcoded passwords are a security risk." severity="error" />
     </file>
+    <file name="codacy-c-avoid-std-system"> 
+        <error source="codacy.c.security.avoid-std-system" line="26" message="Detected a call to the standard `system()` function. This is dangerous as it can lead to Command Injection if untrusted input is passed." severity="warning" />
+        <error source="codacy.c.security.avoid-std-system" line="29" message="Detected a call to the standard `system()` function. This is dangerous as it can lead to Command Injection if untrusted input is passed." severity="warning" />
+        <error source="codacy.c.security.avoid-std-system" line="32" message="Detected a call to the standard `system()` function. This is dangerous as it can lead to Command Injection if untrusted input is passed." severity="warning" />
+    </file>
 </checkstyle>
diff --git a/docs/multiple-tests/codacy-rules/src/codacy-c-avoid-std-system.c b/docs/multiple-tests/codacy-rules/src/codacy-c-avoid-std-system.c
@@ -0,0 +1,35 @@
+#include <iostream>
+#include <cstdlib>
+#include <string>
+#include <cstdint>
+
+namespace newNamespace {
+    using String_t = std::string;
+}
+
+namespace osutility {
+    // [SHOULD NOT FLAG]: This is a definition.
+    std::int32_t system(const newNamespace::String_t& cmd, newNamespace::String_t& output) {
+        output = "Executed safely: " + cmd;
+        return 0; // Success
+    }
+}
+
+int main() {
+    newNamespace::String_t my_cmd = "ls -la";
+    newNamespace::String_t my_out;
+
+    // [SHOULD NOT FLAG]: Custom system function in osutility namespace
+    osutility::system(my_cmd, my_out);
+
+    // [SHOULD FLAG]: Standard global system call
+    system("echo 'This is dangerous'");
+
+    // [SHOULD FLAG]: Explicit standard namespace system call
+    std::system("echo 'This is also dangerous'");
+
+    // [SHOULD FLAG]: Explicit global namespace system call
+    ::system("echo 'Still dangerous'");
+
+    return 0;
+}