org.owasp.esapi
Interface Executor

All Known Implementing Classes:
DefaultExecutor

public interface Executor

The Executor interface is used to run an OS command with reduced security risk.

Implementations should do as much as possible to minimize the risk of injection into either the command or its parameters. In addition, implementations should time out after a specified period in order to help prevent denial of service attacks.

Implementations should perform logging and error handling as well. Finally, implementations should handle errors and generate an ExecutorException with all the necessary information.



The reference implementation does all of the above.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

Method Summary
 java.lang.String executeSystemCommand(java.io.File executable, java.util.List params)
          Invokes the specified executable with the default working directory and codec, without logging the parameters.
 java.lang.String executeSystemCommand(java.io.File executable, java.util.List params, java.io.File workdir, Codec codec, boolean logParams)
          Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
 

Method Detail

executeSystemCommand

java.lang.String executeSystemCommand(java.io.File executable,
                                      java.util.List params)
                                      throws ExecutorException
Invokes the specified executable with the default working directory and codec, without logging the parameters.

Parameters:
executable - the command to execute
params - the parameters of the command being executed
Throws:
ExecutorException

executeSystemCommand

java.lang.String executeSystemCommand(java.io.File executable,
                                      java.util.List params,
                                      java.io.File workdir,
                                      Codec codec,
                                      boolean logParams)
                                      throws ExecutorException
Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. Implementations must change to the specified working directory before invoking the command.

Parameters:
executable - the command to execute
params - the parameters of the command being executed
workdir - the working directory
codec - the codec to use to encode for the particular OS in use
logParams - use false if any parameter contains sensitive or confidential information
Returns:
the output of the command being run
Throws:
ExecutorException - the service exception
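
The contract described above (existence check, parameters kept away from a shell, working directory, timeout, logging controlled by logParams, one wrapping exception), as an added JDK-only sketch that is not ESAPI's DefaultExecutor. SketchExecutor, ExecException, the 10-second timeout and the Unix-like paths in main are assumptions; in place of a Codec it passes each parameter as its own argv entry to ProcessBuilder, so no shell ever parses them.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
// Added sketch (hypothetical class, not ESAPI's DefaultExecutor).
public class SketchExecutor {
    private static final Logger LOG = Logger.getLogger("SketchExecutor");
    private static final long TIMEOUT_SECONDS = 10; // assumed value
    // Stand-in for ExecutorException so the sketch compiles without ESAPI.
    public static class ExecException extends Exception {
        ExecException(String msg, Throwable cause) { super(msg, cause); }
    }

    public String executeSystemCommand(File executable, List<String> params,
            File workdir, boolean logParams) throws ExecException {
        File out = null;
        try {
            // Refuse a missing file or a path that is not already canonical ("..", symlinks).
            if (!executable.isFile() || !executable.getCanonicalPath().equals(executable.getPath()))
                throw new IOException("executable missing or path not canonical");
            List<String> argv = new ArrayList<>(params);
            argv.add(0, executable.getPath()); // each parameter stays one argv entry
            LOG.info("exec " + executable + (logParams ? " " + params : " [parameters not logged]"));
            out = File.createTempFile("exec", ".out"); // a file avoids pipe-buffer deadlock
            Process p = new ProcessBuilder(argv).directory(workdir)
                    .redirectErrorStream(true).redirectOutput(out).start();
            if (!p.waitFor(TIMEOUT_SECONDS, TimeUnit.SECONDS)) {
                p.destroyForcibly(); // enforce the time limit
                throw new IOException("timed out after " + TIMEOUT_SECONDS + "s");
            }
            return new String(Files.readAllBytes(out.toPath()));
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            throw new ExecException("command failed: " + executable, e);
        } finally {
            if (out != null) out.delete();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the second parameter carries shell metacharacters.
        File echo = new File("/bin/echo").getCanonicalFile();
        System.out.print(new SketchExecutor().executeSystemCommand(echo,
                List.of("hello", "; echo injected"), new File("/tmp"), false));
    }
}
```

Because the parameters never pass through a shell, the second one reaches echo as literal text rather than as a second command.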


Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.