diff --git a/rules/go/gosec/subproc/subproc.yml b/rules/go/gosec/subproc/subproc.yml
index d198b8017..d4378e76a 100644
--- a/rules/go/gosec/subproc/subproc.yml
+++ b/rules/go/gosec/subproc/subproc.yml
@@ -7,7 +7,7 @@ patterns:
 - variable: INPUT
 detection: go_shared_lang_dynamic_request_input
 - pattern: |
- exec.Command($$<...>)
+ exec.Command($<...>$$<...>)
 filters:
 - variable: INPUT
 detection: go_shared_lang_dynamic_request_input
diff --git a/tests/go/gosec/subproc/subproc/__snapshots__/test.js.snap b/tests/go/gosec/subproc/subproc/__snapshots__/test.js.snap
index 2671ecca9..05611c09d 100644
--- a/tests/go/gosec/subproc/subproc/__snapshots__/test.js.snap
+++ b/tests/go/gosec/subproc/subproc/__snapshots__/test.js.snap
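Review bot: The new pattern `exec.Command($<...>$$<...>)` carries no comment saying why the leading `$<...>` was added, so a later edit could collapse it back to `exec.Command($$<...>)` and silently lose the case the new snapshot entry covers (the tainted value sitting in a later argument, as in `exec.Command("sh", "-c", commandLine)`). A one-line comment above the pattern would anchor that intent, e.g. `# leading $<...> so the INPUT match is not limited to the first argument (see foo15 in testdata)`. If a sibling pattern for `exec.CommandContext` exists elsewhere in this rule file, it presumably needs the same shape; the existing snapshot hit on `exec.CommandContext(context.Background(), os.Args[0], "5")` suggests it may already have it, which is worth confirming.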
@@ -274,6 +274,40 @@ exports[`go_gosec_subproc_subproc test 1`] = ` "fingerprint": "9f7b927d8c9e1a6c92e17fb2d6db3b18_7", "old_fingerprint": "c7b747c46d0e283c15b7386a8c801ea8_7", "code_extract": "\\terr := exec.CommandContext(context.Background(), os.Args[0], \\"5\\").Run()" + }, + { + "cwe_ids": [ + "95" + ], + "id": "go_gosec_subproc_subproc", + "title": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + "description": "## Description\\n\\nOS command injection is a perilous vulnerability that has the potential to lead to full system compromise. Adversaries may exploit this flaw by feeding arbitrary commands or arguments intended for execution. This opens the door for unchecked operations, which could wreak havoc on the system or reveal sensitive information.\\n\\n## Remediations\\n\\n✅ Avoid User Input in OS Commands\\n\\nAlways steer clear of incorporating user input when formulating commands or their arguments, especially for functions responsible for OS command execution. This includes, but is not limited to, filenames provided during user uploads/downloads.\\n\\n✅ Hardcoded Argument Set\\n\\nEnsure your application exclusively uses a hardcoded set of arguments for OS command executions. If filenames are being passed to such functions, consider adopting a hash of the filename or another distinctive identifier.\\n\\n✅ Opt for Native Libraries\\n\\nDue to the inherent risks associated with third-party commands and the possibility of undisclosed attack vectors, prefer using native libraries that offer the same capabilities as opposed to resorting to OS system commands.\\n\\n✅ Specify Full Path in Windows\\n\\nIf the environment is Windows-based, always provide the complete path information when denoting the OS command. 
This circumvents potential vulnerabilities stemming from untrusted search paths (CWE-426).\\n\\n\`\`\`go\\nuserData := []byte(\\"user data\\")\\n// create a temporary file in the application-specific directory\\nf, err := ioutil.TempFile(\\"/var/app/restricted\\", \\"temp-*.dat\\")\\nif err != nil {\\n log.Fatal(err)\\n}\\n\\nif _, err := f.Write(userData); err != nil {\\n log.Fatal(err)\\n}\\n\\nif err := f.Close(); err != nil {\\n log.Fatal(err)\\n}\\n\\n// use the absolute path to the binary and the name of the temporary file\\n// steering clear of any user-provided filenames\\nout, err := exec.Command(\\"/bin/cat\\", f.Name()).Output()\\nif err != nil {\\n log.Fatal(err)\\n}\\n\`\`\`\\n\\n## Resources\\n\\n- [OWASP OS Command Injection Defense Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_gosec_subproc_subproc", + "line_number": 127, + "full_filename": "/tmp/bearer-scan/main.go", + "filename": ".", + "source": { + "start": 127, + "end": 127, + "column": { + "start": 14, + "end": 51 + } + }, + "sink": { + "start": 127, + "end": 127, + "column": { + "start": 14, + "end": 51 + }, + "content": "exec.Command(\\"sh\\", \\"-c\\", commandLine)" + }, + "parent_line_number": 127, + "snippet": "exec.Command(\\"sh\\", \\"-c\\", commandLine)", + "fingerprint": "9f7b927d8c9e1a6c92e17fb2d6db3b18_8", + "old_fingerprint": "c7b747c46d0e283c15b7386a8c801ea8_8", + "code_extract": "\\tres, err := exec.Command(\\"sh\\", \\"-c\\", commandLine).Output()" } ] }" diff --git a/tests/go/gosec/subproc/subproc/testdata/main.go b/tests/go/gosec/subproc/subproc/testdata/main.go index 8e9727b8d..347f38062 100644 --- a/tests/go/gosec/subproc/subproc/testdata/main.go +++ b/tests/go/gosec/subproc/subproc/testdata/main.go 
@@ -120,3 +120,14 @@ func foo14() {
 }
 log.Printf("Command finished with error: %v", err)
 }
+
+func foo15(arg string) (results string, err error) {
+ commandLine := "mysql -h mysql -u root -prootwolf -e 'select adminsid from vulnapp.adminsessions where adminsessionid=\"" + arg + "\";'"
+
+ res, err := exec.Command("sh", "-c", commandLine).Output()
+ if err != nil {
+ fmt.Println(err)
+ }
+
+ return string(res), nil
+}
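Review bot: `foo15` declares named results `(results string, err error)` but its final line `return string(res), nil` drops the error it just printed, so the `err` result is never populated; even in a fixture, `return string(res), err` reads as what was meant and keeps `go vet`-style reviewers from flagging the unused named result. Since this file is detection testdata, a short comment on the function stating which case it exists for would also help the next rule author, e.g. `// foo15: tainted value in a non-leading exec.Command argument; expected to be reported by go_gosec_subproc_subproc.`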