16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
54 lines
1.3 KiB
Plaintext
54 lines
1.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
Runtime.getRuntime().exec("file.exe"); // Sensitive: an absolute path is used
|
|
|
|
ProcessBuilder pb = new ProcessBuilder("file.exe"); // Sensitive: an absolute path is used
|
|
pb.command("file.exe"; // Sensitive.
|
|
|
|
CommandLine cmdLine = CommandLine.parse("file.exe"); // Sensitive: an absolute path is used
|
|
DefaultExecutor executor = new DefaultExecutor();
|
|
executor.execute(cmdLine);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,java]
|
|
----
|
|
Runtime.getRuntime().exec("/usr/bin/file.exe"); // Compliant
|
|
|
|
ProcessBuilder pb = new ProcessBuilder("/usr/bin/file.exe"); // Compliant
|
|
pb.command("/usr/bin/file.exe"; // Sensitive.
|
|
|
|
CommandLine cmdLine = CommandLine.parse("/usr/bin/file.exe"); // Compliant
|
|
DefaultExecutor executor = new DefaultExecutor();
|
|
executor.execute(cmdLine);
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 9 May 2019, 15:11:40 Nicolas Harraudeau wrote:
|
|
This rule is deprecated for Java because the taint analysis engine already covers command injection (RSPEC-2076).
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|