...

Code Block
bgColor#FFcccc
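public class Exec {
  /**
   * Flawed version kept for illustration: {@code exec()} returns as soon as the child has been
   * started, and {@link Process#exitValue()} throws {@code IllegalThreadStateException} when
   * the child has not yet terminated. Whether the next line succeeds is therefore a race with
   * the child's lifetime; nothing here waits for it or drains its output.
   *
   * @param args ignored
   * @throws IOException if the child cannot be started
   */
  public static void main(String args[]) throws IOException {
    Runtime rt = Runtime.getRuntime();
    Process proc = rt.exec("notemaker");
    // Races the child: only valid once the process has exited.
    int exitVal = proc.exitValue();
  }
}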

...

Code Block
bgColor#FFcccc
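public class Exec {
  /**
   * Flawed version kept for illustration: {@code waitFor()} blocks the parent until the child
   * exits, but nothing reads the child's stdout or stderr. A child that writes more than the
   * pipe buffer holds will itself block on the write, so neither side ever makes progress.
   * {@code InterruptedException} is declared because {@code waitFor()} is a checked throw.
   *
   * @param args ignored
   * @throws IOException if the child cannot be started
   * @throws InterruptedException if this thread is interrupted while waiting
   */
  public static void main(String args[]) throws IOException, InterruptedException {
    Runtime rt = Runtime.getRuntime();
    Process proc = rt.exec("notemaker");
    // Can deadlock: the child's output pipes are never drained before waiting.
    int exitVal = proc.waitFor();
  }
}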

...

Code Block
bgColor#ccccff
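public class Exec {
  /**
   * Drains the child's standard output to this process's stdout before waiting for it, so a
   * full stdout pipe cannot stall the child. The child's standard error is a separate pipe
   * that is not read here and can still fill up; the gobbler version further down the page
   * handles both streams.
   *
   * @param args ignored
   * @throws IOException if the child cannot be started or its output cannot be read
   * @throws InterruptedException if this thread is interrupted while waiting
   */
  public static void main(String args[]) throws IOException, InterruptedException {
    Runtime rt = Runtime.getRuntime();
    Process proc = rt.exec("notemaker");

    // getInputStream() is the child's STDOUT (not its error stream). The reader is closed
    // once EOF is reached, which also releases the pipe.
    try (BufferedReader br = new BufferedReader(new InputStreamReader(proc.getInputStream()))) {
      String line;
      while ((line = br.readLine()) != null) {
        System.out.println(line);
      }
    }

    int exitVal = proc.waitFor();
  }
}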

...

Code Block
bgColor#ccccff
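class Exec extends Thread  {
  // Stream of the child process this thread drains (stdout or stderr).
  final InputStream is;
  // Label printed in front of every line, e.g. "ERROR" or "OUTPUT".
  final String type;
  // Optional second destination for the lines; may be null. Owned by the caller, not closed here.
  final OutputStream os;

  /**
   * Creates a gobbler that echoes {@code is} to System.out only.
   *
   * @param is stream to drain
   * @param type label prefixed to each echoed line
   */
  Exec(InputStream is, String type) {
    this(is, type, null);
  }

  /**
   * Creates a gobbler that echoes {@code is} to System.out and, when {@code redirect} is not
   * null, also copies every line to it.
   *
   * @param is stream to drain
   * @param type label prefixed to each echoed line
   * @param redirect extra destination for the lines, or null
   */
  Exec(InputStream is, String type, OutputStream redirect) {
    this.is = is;
    this.type = type;
    this.os = redirect;
  }

  /**
   * Reads {@code is} line by line until EOF, echoing each line as {@code type + ">" + line} on
   * System.out and, when a redirect target was given, writing it there too (flushed per line so
   * the file stays current while the child runs). Read errors are swallowed; the comment marks
   * the place for the application's handler.
   */
  @Override
  public void run() {
    // Not closed here: 'os' belongs to the caller.
    PrintWriter pw = (os != null) ? new PrintWriter(os) : null;

    // Closing the reader after EOF also closes the child's pipe, which is the intent.
    try (BufferedReader br = new BufferedReader(new InputStreamReader(is))) {
      String line;
      while ((line = br.readLine()) != null) {
        if (pw != null) {
          pw.println(line);
          pw.flush();
        }

        System.out.println(type + ">" + line);
      }
    } catch (IOException ioe) { /* Forward to handler */ }
  }
}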
	
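public class ExecMe {
  /**
   * Starts the child and drains its stdout (copied to c:\output.txt) and stderr on two
   * separate threads, so the child can never block on a full pipe before {@code waitFor()}
   * returns. The output file is closed by try-with-resources on every exit path; an
   * interrupt while waiting is re-asserted on the current thread so callers still see it.
   *
   * @param args command arguments (checked by the elided block at the top)
   */
  public static void main(String[] args) {
    // ... perform command argument check  ...

    try (FileOutputStream fos = new FileOutputStream("c:\\output.txt")) {
      Runtime rt = Runtime.getRuntime();
      Process proc = rt.exec("notemaker");

      // Any error message?
      Exec errorGobbler = new Exec(proc.getErrorStream(), "ERROR");

      // Any output?
      Exec outputGobbler = new Exec(proc.getInputStream(), "OUTPUT", fos);

      errorGobbler.start();
      outputGobbler.start();

      // Any error? (exit status of the child; unused in this example)
      int exitVal = proc.waitFor();
      errorGobbler.join();     // Handle condition where the
      outputGobbler.join();    // process ends before the threads finish

      fos.flush();
    } catch (IOException ioe) {
      /* forward to handler */
    } catch (InterruptedException ie) {
      Thread.currentThread().interrupt();  // keep the interrupt visible to the caller
      /* forward to handler */
    }
  }
}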

...

Code Block
bgColor#ccccff
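public class Cmd {
  /**
   * Starts a command shell, waits for its first prompt, sends {@code dir} and echoes the
   * reply. Stderr is merged into stdout so one reader drains everything the child writes.
   * Closing the writer at the end of the block closes the shell's stdin; the child is not
   * otherwise waited for or destroyed here.
   *
   * @param args ignored
   * @throws IOException if the shell cannot be started or its streams fail
   */
  public static void main(String[] args) throws IOException {
    ProcessBuilder pb = new ProcessBuilder("cmd");
    pb = pb.redirectErrorStream(true);
    Process p = pb.start();

    try (InputStream is = p.getInputStream();
         PrintWriter pw = new PrintWriter(p.getOutputStream(), true)) {
      readToPrompt(is);

      pw.println("dir");
      readToPrompt(is);
    }
  }

  /**
   * Copies bytes from {@code is} to System.out, a CRLF-terminated line at a time, until a
   * shell prompt of the form {@code X:...>} is seen. End of stream prints {@code EOF} and
   * terminates the JVM via {@code System.exit(0)}.
   *
   * @param is the shell's merged stdout/stderr
   * @throws IOException if the stream cannot be read
   */
  private static void readToPrompt(InputStream is) throws IOException {
    StringBuilder s = new StringBuilder();
    for (;;) {
      int i = is.read();

      if (i < 0) {
        System.out.println();
        System.out.println("EOF");
        System.exit(0);
      }

      // Byte-to-char cast: only correct while the shell emits a single-byte encoding.
      // Multi-byte output needs a Reader with the right charset instead (see FIO02-J).
      char c = (char) i;
      s.append(c);

      // Equivalent to s.endsWith("\r\n") without re-copying the buffer on every byte.
      if (c == '\n' && s.length() >= 2 && s.charAt(s.length() - 2) == '\r') {
        System.out.print(s.toString());
        s.setLength(0);
      }

      // Detects prompt, to break out
      if (c == '>' && s.length() > 2 && s.charAt(1) == ':') {
        System.out.print(s.toString());
        break;
      }
    }
  }
}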

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] method [exec()|http://java.sun.com/javase/6/docs/api/java/lang/Runtime.html#exec(java.lang.String)]
\[[Daconta 00|AA. Java References#Daconta 00]\]
\[[Daconta 03|AA. Java References#Daconta 03]\] Pitfall 1

...
