public interface Executor
Implementations should do as much as possible to minimize the risk of injection into either the command or parameters. In addition, implementations should time out after a specified time period in order to help prevent denial-of-service attacks.
The class should perform logging and error handling as well. Finally, implementations should handle errors and generate an ExecutorException with all the necessary information.
The reference implementation does all of the above.
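
A minimal sketch of the contract described above using only the JDK, added here as an example and not ESAPI's reference implementation: it checks that the executable exists and is named by its canonical path, passes each parameter as a separate argv entry (instead of escaping it with a codec), enforces a timeout, and honors logParams. The class name SafeExec, the run method, the use of IOException and the 10-second limit are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

// Added illustration; SafeExec, run() and the 10-second limit are assumptions, not ESAPI code.
public class SafeExec {
    private static final Logger LOG = Logger.getLogger(SafeExec.class.getName());
    private static final long TIMEOUT_SECONDS = 10;

    public static String run(File executable, List<String> params, File workdir,
                             boolean logParams, boolean redirectErrorStream)
            throws IOException, InterruptedException {
        // Reject missing files and non-canonical paths such as "/bin/../tmp/ls".
        if (!executable.isFile() || !executable.getCanonicalPath().equals(executable.getPath())) {
            throw new IOException("Executable missing or path not canonical: " + executable);
        }
        // Each parameter is its own argv entry; no shell ever parses the command line.
        List<String> command = new ArrayList<>();
        command.add(executable.getPath());
        command.addAll(params);
        // Keep sensitive parameters out of the log when logParams is false.
        LOG.info("Executing " + executable + (logParams ? " " + params : " [params not logged]"));
        // Output goes to a temp file so a full pipe buffer cannot stall the child.
        File out = File.createTempFile("exec", ".out");
        try {
            ProcessBuilder pb = new ProcessBuilder(command).directory(workdir)
                    .redirectErrorStream(redirectErrorStream).redirectOutput(out);
            if (!redirectErrorStream) {
                pb.redirectError(ProcessBuilder.Redirect.DISCARD);
            }
            Process p = pb.start();
            // Bound the run time so a hung child cannot tie up the caller.
            if (!p.waitFor(TIMEOUT_SECONDS, TimeUnit.SECONDS)) {
                p.destroyForcibly();
                throw new IOException("Timed out after " + TIMEOUT_SECONDS + "s: " + executable);
            }
            return Files.readString(out.toPath());
        } finally {
            out.delete();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input (assumes a Unix-like host with /bin/echo): the parameter is echoed literally.
        File echo = new File("/bin/echo").getCanonicalFile();
        System.out.print(run(echo, List.of("hello; echo injected"), null, false, true));
    }
}
```
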
Modifier and Type | Method and Description |
---|---|
ExecuteResult | executeSystemCommand(File executable, List params): Invokes the specified executable with default workdir and codec and not logging parameters. |
ExecuteResult | executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream): Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. |
ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException
Parameters:
executable - the command to execute
params - the parameters of the command being executed
Throws:
ExecutorException
ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException
Parameters:
executable - the command to execute
params - the parameters of the command being executed
workdir - the working directory
codec - the codec to use to encode for the particular OS in use
logParams - use false if any parameters contain sensitive or confidential information
Throws:
ExecutorException - the service exception
Copyright © 2023 The Open Web Application Security Project (OWASP). All rights reserved.