ESAPI-C 1.0
The OWASP Enterprise Security API for C

executor.h File Reference

Command Shell Executor module header.

#include <stdio.h>
#include <stdbool.h>
#include "codec.h"


Functions

char * esapi_execute (char *executable, char **params, int paramcount, char *workdir, codec *c, bool logParams)
 Spawns a new process to execute the given command.

Detailed Description

Command Shell Executor module header.

The Executor module is used to run an OS command with reduced security risk.

Implementations should do as much as possible to minimize the risk of injection into either the command or parameters. In addition, implementations should timeout after a specified time period in order to help prevent denial of service attacks.

The functions should perform logging and error handling as well. Finally, an implementation should handle errors and generate a log with all the necessary information.

This reference implementation does all of the above except for the timeout.

Since:
June 1, 2007

Definition in file executor.h.


Function Documentation

char* esapi_execute (char *executable,
                     char **params,
                     int paramcount,
                     char *workdir,
                     codec c,
                     bool logParams)

Spawns a new process to execute the given command.

Parameters:
executable   The executable filename to be executed.
params       An array of command-line parameters.
paramcount   The number of parameters.
workdir      The working directory for the new process.
c            A codec to be used to encode the command string before passing it to the command shell interpreter.
logParams    1 if the parameter values are to be logged, 0 if not.

The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on the disk. All failures will be logged, along with the parameters if logParams is set. Set logParams to false if you are going to invoke this interface with confidential information.

Definition at line 50 of file executor.c.

References esapi_log_warn(), is_allowed(), and is_canonical().
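
The path rules stated for esapi_execute (absolute, canonical, present on disk, on the approved list) can be checked before spawning as in the following added example for POSIX systems, which is not the ESAPI-C implementation. The names check_executable, check_canonical_shell and exec_verdict and the placeholder path are hypothetical, and the approved list is passed in as an array instead of being read from the ESAPI properties.

```c
#define _XOPEN_SOURCE 700  /* exposes realpath() and S_ISREG() in strict modes */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef enum { EXEC_OK, EXEC_NOT_ABSOLUTE, EXEC_NOT_FOUND,
               EXEC_NOT_CANONICAL, EXEC_NOT_APPROVED } exec_verdict;

/* Hypothetical helper (not an ESAPI function): apply the documented path rules. */
exec_verdict check_executable(const char *path,
                              const char *const *approved, size_t n)
{
    char resolved[PATH_MAX];
    struct stat st;

    if (path == NULL || path[0] != '/')
        return EXEC_NOT_ABSOLUTE;
    /* realpath() resolves symlinks, "." and ".." and fails if the file is missing. */
    if (realpath(path, resolved) == NULL)
        return EXEC_NOT_FOUND;
    /* The target must be a regular file that this process may execute. */
    if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode)
        || access(resolved, X_OK) != 0)
        return EXEC_NOT_FOUND;
    /* The caller must pass the canonical form itself, not an alias of it. */
    if (strcmp(path, resolved) != 0)
        return EXEC_NOT_CANONICAL;
    /* Exact string match only: no prefix, glob or case-insensitive matching. */
    for (size_t i = 0; i < n; i++)
        if (strcmp(resolved, approved[i]) == 0)
            return EXEC_OK;
    return EXEC_NOT_APPROVED;
}

/* Demo: check the canonical form of /bin/sh against a one-entry approved list. */
exec_verdict check_canonical_shell(int listed)
{
    char canon[PATH_MAX];
    if (realpath("/bin/sh", canon) == NULL)
        return EXEC_NOT_FOUND;
    const char *const approved[] = { listed ? canon : "/constructed/placeholder" };
    return check_executable(canon, approved, 1);
}

int main(void) { printf("%d %d\n", check_canonical_shell(1), check_canonical_shell(0)); return 0; }
```

The check and the later process spawn are separate steps, so the directories holding approved executables should not be writable by untrusted users.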
