Package org.owasp.esapi.reference
Class DefaultExecutor
- java.lang.Object
  - org.owasp.esapi.reference.DefaultExecutor
- All Implemented Interfaces:
  Executor
public class DefaultExecutor extends java.lang.Object implements Executor
Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly equal the canonical path to an executable on the system. Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.
- Since:
  June 1, 2007
- Author:
  Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
  Executor
Method Summary
Modifier and Type, Method, Description:
- ExecuteResult
  executeSystemCommand(java.io.File executable, java.util.List params)
  Invokes the specified executable with default workdir and codec and not logging parameters.
- ExecuteResult
  executeSystemCommand(java.io.File executable, java.util.List params, java.io.File workdir, Codec codec, boolean logParams, boolean redirectErrorStream)
  Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
- static Executor
  getInstance()
Method Detail
getInstance
public static Executor getInstance()
executeSystemCommand
public ExecuteResult executeSystemCommand(java.io.File executable, java.util.List params) throws ExecutorException
Invokes the specified executable with default workdir and codec and not logging parameters.
- Specified by:
  executeSystemCommand in interface Executor
- Parameters:
  executable - the command to execute
  params - the parameters of the command being executed
- Throws:
  ExecutorException
executeSystemCommand
public ExecuteResult executeSystemCommand(java.io.File executable, java.util.List params, java.io.File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. Implementations must change to the specified working directory before invoking the command. The reference implementation sets the work directory, escapes the parameters as per the Codec in use, and then executes the command without using concatenation. The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if you are going to invoke this interface with confidential information.
- Specified by:
  executeSystemCommand in interface Executor
- Parameters:
  executable - the command to execute
  params - the parameters of the command being executed
  workdir - the working directory
  codec - the codec to use to encode for the particular OS in use
  logParams - use false if any parameters contain sensitive or confidential information
- Returns:
  the output of the command being run
- Throws:
  ExecutorException - the service exception