44 lines
1.3 KiB
Plaintext
44 lines
1.3 KiB
Plaintext
=== How to fix it in Java SE
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/find")
|
|
public void find(@RequestParam("filename") String filename) throws IOException {
|
|
|
|
Runtime.getRuntime().exec("/usr/bin/find . -iname " + filename);
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
@Controller
|
|
public class ExampleController
|
|
{
|
|
@GetMapping(value = "/find")
|
|
public void find(@RequestParam("filename") String filename) throws IOException {
|
|
|
|
String cmd1[] = new String[] {"/usr/bin/find", ".", "-iname", filename};
|
|
Process proc = Runtime.getRuntime().exec(cmd1); // Compliant
|
|
}
|
|
}
|
|
----
|
|
|
|
++java.lang.Runtime++ is sometimes used over ++java.lang.ProcessBuilder++ due to ease of use. Flexibility in methods often introduces security issues as edge cases are easily missed. The compliant solution logic is also applied to ++java.lang.ProcessBuilder++.
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
Here `java.lang.Runtime.exec(String[] cmdarray)` takes care of escaping the passed arguments and internally
|
|
creates a single string given to the operating system to be executed.
|