org.owasp.esapi.reference
Class DefaultExecutor

java.lang.Object
  extended by org.owasp.esapi.reference.DefaultExecutor
All Implemented Interfaces:
Executor

public class DefaultExecutor
extends java.lang.Object
implements Executor

Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly equal the canonical path to an executable on the system.

Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:
Executor

Method Summary
 ExecuteResult executeSystemCommand(java.io.File executable, java.util.List params)
          Invokes the specified executable with the default working directory and codec, without logging the parameters.
 ExecuteResult executeSystemCommand(java.io.File executable, java.util.List params, java.io.File workdir, Codec codec, boolean logParams, boolean redirectErrorStream)
          Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
static Executor getInstance()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getInstance

public static Executor getInstance()

executeSystemCommand

public ExecuteResult executeSystemCommand(java.io.File executable,
                                          java.util.List params)
                                   throws ExecutorException
Invokes the specified executable with the default working directory and codec, without logging the parameters.

Specified by:
executeSystemCommand in interface Executor
Parameters:
executable - the command to execute
params - the parameters of the command being executed
Throws:
ExecutorException

executeSystemCommand

public ExecuteResult executeSystemCommand(java.io.File executable,
                                          java.util.List params,
                                          java.io.File workdir,
                                          Codec codec,
                                          boolean logParams,
                                          boolean redirectErrorStream)
                                   throws ExecutorException
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. Implementations must change to the specified working directory before invoking the command. The reference implementation sets the working directory, escapes the parameters as per the Codec in use, and then executes the command without using concatenation. The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on the disk. All failures will be logged, along with the parameters if specified. Set logParams to false if you are going to invoke this interface with confidential information.

Specified by:
executeSystemCommand in interface Executor
Parameters:
executable - the command to execute
params - the parameters of the command being executed
workdir - the working directory
codec - the codec to use to encode for the particular OS in use
logParams - use false if any parameter contains sensitive or confidential information
Returns:
the output of the command being run
Throws:
ExecutorException - the service exception
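
The checks described above (exact canonical path, approved-executable list, existence on disk, restricted parameter characters, execution without concatenation), sketched with the JDK only. This is an added example, not ESAPI's code: the class `RestrictedExecSketch`, its `run` method, the in-memory allow-list and the parameter pattern are assumptions, and it rejects unsafe parameters where ESAPI escapes them with the Codec.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class RestrictedExecSketch {
    // Assumed parameter policy: alphanumeric, forward slash and dash only.
    static final Pattern SAFE_PARAM = Pattern.compile("[A-Za-z0-9/-]*");
    static String run(Set<String> approved, File exe, List<String> params,
                      File workdir, boolean redirectErrorStream) throws Exception {
        // The caller must supply the exact canonical path: no "..", symlinks or relative paths.
        if (!exe.getPath().equals(exe.getCanonicalPath()))
            throw new SecurityException("not a canonical path: " + exe);
        if (!approved.contains(exe.getPath()))
            throw new SecurityException("not an approved executable: " + exe);
        if (!exe.isFile())
            throw new SecurityException("executable does not exist: " + exe);
        List<String> argv = new ArrayList<>();
        argv.add(exe.getPath());
        for (String p : params) {
            // Simplification: reject unsafe characters; ESAPI escapes them with the Codec instead.
            if (!SAFE_PARAM.matcher(p).matches())
                throw new SecurityException("illegal character in parameter");
            argv.add(p);
        }
        // Arguments go to the OS as a list: no shell and no command-string concatenation.
        ProcessBuilder pb = new ProcessBuilder(argv).directory(workdir)
                .redirectErrorStream(redirectErrorStream);
        if (!redirectErrorStream) pb.redirectError(ProcessBuilder.Redirect.DISCARD);
        Process proc = pb.start();
        String out = new String(proc.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        proc.waitFor();
        return out;
    }
    @SuppressWarnings("unchecked")
    public static void main(String[] args) throws Exception {
        File tmp = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
        String ls = new File("/bin/ls").getCanonicalPath(); // constructed sample executable
        Set<String> approved = Set.of(ls);                  // constructed allow-list
        System.out.print(run(approved, new File(ls), List.of("-a", "/"), tmp, true));
        for (Object[] bad : new Object[][] {
                {new File("/bin/../bin/ls"), List.of("-a")},  // non-canonical path
                {new File(ls), List.of("/tmp;x")}}) {         // shell metacharacter in parameter
            try { run(approved, (File) bad[0], (List<String>) bad[1], tmp, true); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Because a dash is an allowed character, a parameter can still be interpreted by the target program as an option; the character allow-list does not prevent that.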


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.