== How to fix it in Java SE

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,java,diff-id=11,diff-type=noncompliant]
----
@Controller
public class ExampleController
{
    @GetMapping(value = "/exec")
    public void exec(@RequestParam("command") String command) throws IOException {
        Runtime.getRuntime().exec(command);
    }
}
----

==== Compliant solution

[source,java,diff-id=11,diff-type=compliant]
----
@Controller
public class ExampleController
{
    @GetMapping(value = "/exec")
    public void exec(@RequestParam("command") String command) throws IOException {
        List<String> allowedCmds = new ArrayList<String>();
        allowedCmds.add("/usr/bin/ls");
        allowedCmds.add("/usr/bin/cat");
        if (allowedCmds.contains(command)){
          Process proc = Runtime.getRuntime().exec(command);
        }
    }
}
----

++java.lang.Runtime++ is sometimes used over ++java.lang.ProcessBuilder++ due to ease of use. Flexibility in methods often introduces security issues as edge cases are easily missed. The compliant solution logic is also applied to ++java.lang.ProcessBuilder++.

=== How does this work?

include::../../common/fix/introduction.adoc[]

include::../../common/fix/pre-approved-list.adoc[]

:sanitizationLib: java.lang.Runtime.exec(String[] cmdarray)

include::../../common/fix/sanitize-meta-characters.adoc[]

Here `{sanitizationLib}` takes care of escaping the passed arguments and
internally creates a single string given to the operating system to be
executed.