rspec/rules/S6547/java/rule.adoc

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/java-se.adoc[]

== Resources

include::../common/resources/standards.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Change this code to prevent users from defining arbitrary environment variables.


=== Highlighting

Highlight `String[] envp` the 2nd positional argument of
`java.lang.Runtime#exec` calls.


'''
'''
endif::env-github,rspecator-view[]
Create rule S6547: Environment variables should not be defined from untrusted input (APPSEC-541) (#1685) Implementation ticket: [SONARSEC-3702](https://sonarsource.atlassian.net/browse/SONARSEC-3702) Specification ticket: [APPSEC-541](https://sonarsource.atlassian.net/browse/APPSEC-541) 2023-04-26 17:32:09 +02:00			`== Why is this an issue?`

Create rule S6547(C#): Environment variables should not be defined from untrusted input (#2875) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6547/csharp) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> 2023-08-17 12:58:46 +02:00			`include::../rationale.adoc[]`
Create rule S6547: Environment variables should not be defined from untrusted input (APPSEC-541) (#1685) Implementation ticket: [SONARSEC-3702](https://sonarsource.atlassian.net/browse/SONARSEC-3702) Specification ticket: [APPSEC-541](https://sonarsource.atlassian.net/browse/APPSEC-541) 2023-04-26 17:32:09 +02:00
Create rule S6547(C#): Environment variables should not be defined from untrusted input (#2875) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6547/csharp) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> 2023-08-17 12:58:46 +02:00			`include::../impact.adoc[]`
Create rule S6547: Environment variables should not be defined from untrusted input (APPSEC-541) (#1685) Implementation ticket: [SONARSEC-3702](https://sonarsource.atlassian.net/browse/SONARSEC-3702) Specification ticket: [APPSEC-541](https://sonarsource.atlassian.net/browse/APPSEC-541) 2023-04-26 17:32:09 +02:00
			`// How to fix it section`

			`include::how-to-fix-it/java-se.adoc[]`

			`== Resources`

			`include::../common/resources/standards.adoc[]`

			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Change this code to prevent users from defining arbitrary environment variables.`


			`=== Highlighting`

			Highlight `String[] envp` the 2nd positional argument of
			`java.lang.Runtime#exec` calls.
Create rule S6547: Environment variables should not be defined from untrusted input (APPSEC-541) (#1685) Implementation ticket: [SONARSEC-3702](https://sonarsource.atlassian.net/browse/SONARSEC-3702) Specification ticket: [APPSEC-541](https://sonarsource.atlassian.net/browse/APPSEC-541) 2023-04-26 17:32:09 +02:00

			`'''`
			`'''`
			`endif::env-github,rspecator-view[]`