53 lines
1.5 KiB
Plaintext
53 lines
1.5 KiB
Plaintext
=== How to fix it in Java SE
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Non-compliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/exec")
|
|
public void exec(@RequestParam("command") String command) throws IOException {
|
|
|
|
Runtime.getRuntime().exec(command);
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/exec")
|
|
public void exec(@RequestParam("command") String command) throws IOException {
|
|
List<String> allowedCmds = new ArrayList<String>();
|
|
allowedCmds.add("/usr/bin/ls");
|
|
allowedCmds.add("/usr/bin/cat");
|
|
if (allowedCmds.contains(command)){
|
|
Process proc = Runtime.getRuntime().exec(command);
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
++java.lang.Runtime++ is sometimes used over ++java.lang.ProcessBuilder++ due to ease of use. Flexibility in methods often introduces security issues as edge cases are easily missed. The compliant solution logic is also applied to ++java.lang.ProcessBuilder++.
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/pre-approved-list.adoc[]
|
|
|
|
:sanitizationLib: java.lang.Runtime.exec(String[] cmdarray)
|
|
include::../../common/fix/sanitize-meta-characters.adoc[]
|
|
|
|
Here `{sanitizationLib}` takes care of escaping the passed arguments and
|
|
internally creates a single string given to the operating system to be
|
|
executed.
|