...
| Code Block | ||
|---|---|---|
| ||
// ...
String dir = null;
int number = Integer.parseInt(System.getproperty("dir")); // only allow integer choices
switch (number) {
case 1:
dir = "data1";
break; // Option 1
case 2:
dir = "data2";
break; // Option 2
default: // invalid
break;
}
if (dir == null) {
// handle error
}
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0a5fe2798d49b49c-2e0e04e4-4e6441d1-926697f6-e5c83a3b7e223feab05e1152"><ac:plain-text-body><![CDATA[ | [CVE-2010-0886] | [Sun Java Web Start Plugin Command Line Argument Injection | http://www.securitytube.net/video/1465] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="23eb6037526cd70f-a7fc0e3e-43714630-b850863d-afecad78083fb1ab8b795031"><ac:plain-text-body><![CDATA[ | [CVE-2010-1826] | [Command injection in updateSharingD's handling of Mach RPC messages | http://securitytracker.com/id/1024617] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5fd4815608e6d9fd-e907039d-46bc497d-b1ebb162-9cc2f9cdda8ac175172af927"><ac:plain-text-body><![CDATA[ | [T-472] | [Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges | http://www.doecirc.energy.gov/bulletins/t-472.shtml] | ]]></ac:plain-text-body></ac:structured-macro> |
...
ENV03-C. Sanitize the environment when invoking external programs | ||||
| ENV04-C. Do not call system() if you do not need a command processor | |||
ENV03-CPP. Sanitize the environment when invoking external programs | ||||
| ENV04-CPP. Do not call system() if you do not need a command processor | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="39fa63c66ca93d82-be8ea1e9-428a4a2b-b3b1bd4a-c4a19c09dd41a5909b2afe57"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Injection [RST]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-78, "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8372018afd4ff45c-1bf219a6-48f54442-9e20916c-e9349823df156d102688c1c6"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="10903bcfcb4ac581-1a95868d-40864746-ac4e88fb-3fa2c8bbf7901d56ebef15c1"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] | [Reviewing Code for OS Injection | http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="21380f6fbc2cd102-126cd7e4-4aed421c-bffeb354-6da62de3e8c0cbd966e78ec4"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. Bibliography#Permissions 08]] | [Permissions in the Java™ SE 6 Development Kit (JDK) | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008) | ]]></ac:plain-text-body></ac:structured-macro> |
...