org.owasp.esapi.interfaces
Interface IExecutor

All Known Implementing Classes:
Executor

public interface IExecutor

The Executor interface is used to run an OS command with less security risk. Implementations should do as much as possible to minimize the risk of injection into either the command or its parameters. In addition, implementations should time out after a specified time period in order to help prevent denial-of-service attacks. Implementations should perform logging and error handling as well. Finally, implementations should handle errors and generate an ExecutorException with all the necessary information.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

Method Summary
 java.lang.String executeSystemCommand(java.io.File executable, java.util.List params, java.io.File workdir, int timeoutSeconds)
          Executes a system command after checking that the executable exists and that the parameters have not been subject to injection with untrusted user data.
 

Method Detail

executeSystemCommand

public java.lang.String executeSystemCommand(java.io.File executable,
                                             java.util.List params,
                                             java.io.File workdir,
                                             int timeoutSeconds)
                                      throws ExecutorException
Executes a system command after checking that the executable exists and that the parameters have not been subject to injection with untrusted user data. Implementations shall change to the specified working directory before invoking the command. Also, processes should be interrupted after the specified timeout period has elapsed.

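Parameters:
executable - the executable to run; it must exist
params - the parameters to pass to the command; they must not have been subject to injection with untrusted user data
workdir - the working directory to change to before invoking the command
timeoutSeconds - the number of seconds after which the process is interrupted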
Returns:
the string
Throws:
ExecutorException - the service exception
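
A minimal sketch of the checks this contract describes (executable exists, parameters passed without a shell, working directory set, timeout enforced), added here as an example; it is not ESAPI's Executor implementation. The class name SketchExecutor, the List<String> parameter type, the use of IOException in place of ExecutorException, and the /bin/echo sample in main are assumptions, and logging is omitted.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
/** Hypothetical sketch; mirrors the executeSystemCommand signature only. */
public class SketchExecutor {
    public String executeSystemCommand(File executable, List<String> params,
                                       File workdir, int timeoutSeconds)
            throws IOException, InterruptedException {
        // Resolve symlinks and ".." so the check applies to the file that will run.
        File exe = executable.getCanonicalFile();
        if (!exe.isFile() || !exe.canExecute()) {
            throw new IOException("not an executable file: " + exe);
        }
        if (!workdir.isDirectory()) {
            throw new IOException("no such working directory: " + workdir);
        }
        // Argument vector, no shell: each parameter reaches the program as one
        // argv entry, so metacharacters such as ; | & are never interpreted.
        List<String> command = new ArrayList<>();
        command.add(exe.getPath());
        for (String p : params) {
            if (p.indexOf('\0') >= 0) throw new IOException("NUL byte in parameter");
            command.add(p);
        }
        // Capture output in a file so a stalled child cannot block us in read().
        File out = File.createTempFile("exec", ".out");
        try {
            Process proc = new ProcessBuilder(command).directory(workdir)
                    .redirectErrorStream(true).redirectOutput(out).start();
            if (!proc.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
                proc.destroyForcibly(); // enforce the timeout
                throw new IOException("timed out after " + timeoutSeconds + "s: " + exe);
            }
            return new String(Files.readAllBytes(out.toPath()), StandardCharsets.UTF_8);
        } finally {
            out.delete();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: "; id" stays literal text because no shell parses it.
        System.out.print(new SketchExecutor().executeSystemCommand(
                new File("/bin/echo"), List.of("hello; id"), new File("/tmp"), 5));
    }
}
```

Passing an argument vector stops shell metacharacter injection but not option injection: a parameter beginning with `-` is still parsed by the target program as a flag, so values should also be validated against what that program expects.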