51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
55 lines
1.5 KiB
Plaintext
55 lines
1.5 KiB
Plaintext
== How to fix it in Java SE
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/exec")
|
|
public void exec(@RequestParam("command") String command) throws IOException {
|
|
Runtime.getRuntime().exec(command);
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/exec")
|
|
public void exec(@RequestParam("command") String command) throws IOException {
|
|
List<String> allowedCmds = new ArrayList<String>();
|
|
allowedCmds.add("/usr/bin/ls");
|
|
allowedCmds.add("/usr/bin/cat");
|
|
if (allowedCmds.contains(command)){
|
|
Process proc = Runtime.getRuntime().exec(command);
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
++java.lang.Runtime++ is sometimes used over ++java.lang.ProcessBuilder++ due to ease of use. Flexibility in methods often introduces security issues as edge cases are easily missed. The compliant solution logic is also applied to ++java.lang.ProcessBuilder++.
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/pre-approved-list.adoc[]
|
|
|
|
:sanitizationLib: java.lang.Runtime.exec(String[] cmdarray)
|
|
|
|
include::../../common/fix/sanitize-meta-characters.adoc[]
|
|
|
|
Here `{sanitizationLib}` takes care of escaping the passed arguments and
|
|
internally creates a single string given to the operating system to be
|
|
executed.
|