45 lines
1.3 KiB
Plaintext
45 lines
1.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
The full path of the command is not specified and thus the executable will be searched in all directories listed in the ``++PATH++`` environment variable:
|
|
|
|
----
|
|
Runtime.getRuntime().exec("make"); // Sensitive
|
|
Runtime.getRuntime().exec(new String[]{"make"}); // Sensitive
|
|
|
|
ProcessBuilder builder = new ProcessBuilder("make"); // Sensitive
|
|
builder.command("make"); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
The command is defined by its full path:
|
|
|
|
----
|
|
Runtime.getRuntime().exec("/usr/bin/make"); // Compliant
|
|
Runtime.getRuntime().exec(new String[]{"~/bin/make"}); // Compliant
|
|
|
|
ProcessBuilder builder = new ProcessBuilder("./bin/make"); // Compliant
|
|
builder.command("../bin/make"); // Compliant
|
|
builder.command(Arrays.asList("..\bin\make", "-j8")); // Compliant
|
|
|
|
builder = new ProcessBuilder(Arrays.asList(".\make")); // Compliant
|
|
builder.command(Arrays.asList("C:\bin\make", "-j8")); // Compliant
|
|
builder.command(Arrays.asList("\\SERVER\bin\make")); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|