ESAPI-C 1.0
The OWASP Enterprise Security API for C
A Command Shell Executor module implementation.
#include <string.h>
#include "executor.h"
#include "log.h"
Defines
    #define EXTRA_COMMANDS 7
Functions
    int is_canonical (char *path)
        Determine whether the given path is canonicalized on this platform, using a POSIX method.
    int is_allowed (char *path)
        Determine whether the given path is allowed by the configured security policy.
    char * esapi_execute (char *executable, char **params, int paramcount, char *workdir, codec *c, bool logParams)
        The reference implementation sets the work directory, escapes the parameters as per the Codec in use, and then executes the command without using concatenation.
Definition in file executor.c.
char* esapi_execute (char *executable, char **params, int paramcount, char *workdir, codec *c, bool logParams)
The reference implementation sets the work directory, escapes the parameters as per the Codec in use, and then executes the command without using concatenation.
Spawns a new process to execute the given command.
The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on disk. All failures will be logged, along with the parameters if specified. Set logParams to false if you are going to invoke this interface with confidential information.
Definition at line 50 of file executor.c.
References esapi_log_warn(), is_allowed(), and is_canonical().
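The sequence described above (canonical-path check, approved-list check, set the work directory, execute from an argument vector instead of a concatenated command string), as an added example that is not ESAPI-C source code. The demo_* names are hypothetical, realpath() is assumed as the POSIX canonicalization method, and the approved list is passed in as an array instead of being read from the ESAPI properties. Codec escaping and logging are omitted.

```c
/* Added illustration, not ESAPI-C source; every demo_* name is hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Canonical here means realpath() resolves the path to itself: absolute,
 * no "." or ".." components, no symlinks, and the file exists. */
int demo_is_canonical(const char *path) {
    char resolved[PATH_MAX];
    if (path == NULL || realpath(path, resolved) == NULL) return 0;
    return strcmp(path, resolved) == 0;
}

/* Exact string match against the approved list (assumed policy format). */
int demo_is_allowed(const char *path, const char *const *allow, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(path, allow[i]) == 0) return 1;
    return 0;
}

/* Returns the child's exit status, or -1 if a check or system call fails.
 * args must be NULL-terminated with args[0] set by the caller. */
int demo_execute(const char *exe, char *const args[], const char *workdir,
                 const char *const *allow, size_t n) {
    if (!demo_is_canonical(exe) || !demo_is_allowed(exe, allow, n)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: set the work directory, then exec with an argument
         * vector, so no shell ever parses the parameters. */
        if (workdir != NULL && chdir(workdir) != 0) _exit(126);
        execv(exe, args);
        _exit(127); /* reached only when execv fails */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

On systems where /bin is a symlink to /usr/bin, a path such as /bin/ls fails the canonical check, so the approved list has to carry the resolved path.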