ESAPI-C 1.0
The OWASP Enterprise Security API for C
Command Shell Executor module header.
Functions
char * esapi_execute (char *executable, char **params, int paramcount, char *workdir, codec *c, bool logParams)
Spawns a new process to execute the given command.
The Executor module is used to run an OS command with reduced security risk.
Implementations should do as much as possible to minimize the risk of injection into either the command or its parameters. In addition, implementations should time out after a specified time period in order to help prevent denial-of-service attacks.
The functions should perform logging and error handling as well. Finally, an implementation should handle errors and generate a log with all the necessary information.
This reference implementation does all of the above except for the timeout.
Definition in file executor.h.
char* esapi_execute (char *executable, char **params, int paramcount, char *workdir, codec *c, bool logParams)
Spawns a new process to execute the given command.
executable | The executable filename to be executed.
params | An array of command-line parameters.
paramcount | The number of parameters.
workdir | The working directory for the new process.
c | A codec to be used to encode the command string before passing it to the command shell interpreter.
logParams | 1 if the parameter values are to be logged, 0 if not.
The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on disk. All failures are logged, along with the parameters if logParams is set. Set logParams to false if you are going to invoke this interface with confidential information.
Definition at line 50 of file executor.c.
References esapi_log_warn(), is_allowed(), and is_canonical().
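The path checks described above (absolute, canonical, approved, present on disk), as an added example that is not ESAPI-C's own code: `path_is_approved` and `run_approved` are hypothetical helpers, the approved list is passed in by the caller rather than read from the ESAPI properties, and the spawn uses `execv()` with no shell instead of encoding a command string with a codec. Like the reference implementation, it has no timeout.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not an ESAPI function): returns 1 only if path is
 * absolute, already canonical (no symlink, "." or ".." component), present
 * in the approved list, and executable by this process. */
int path_is_approved(const char *path, const char *const *approved, size_t n)
{
    char resolved[PATH_MAX];
    size_t i;
    if (path == NULL || path[0] != '/')
        return 0;
    /* realpath() fails if the file is missing; a differing result means
     * the caller's spelling was not the canonical one. */
    if (realpath(path, resolved) == NULL || strcmp(path, resolved) != 0)
        return 0;
    for (i = 0; i < n; i++)
        if (strcmp(path, approved[i]) == 0)
            return access(path, X_OK) == 0;
    return 0;
}

/* Hypothetical helper: runs an approved executable with argv handed straight
 * to execv(), so no shell ever parses the parameters. Returns the child's
 * exit status, or -1 if the path is rejected or the spawn fails. */
int run_approved(const char *path, char *const argv[], const char *workdir,
                 const char *const *approved, size_t n)
{
    int status;
    pid_t pid;
    if (!path_is_approved(path, approved, n))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (workdir != NULL && chdir(workdir) != 0)
            _exit(126);
        execv(path, argv);
        _exit(127); /* reached only if execv() failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The file can still be replaced between the check and `execv()`, so the approved paths should sit in directories that only trusted accounts can write to.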