...
In addition, a complementary policy is to create a secure sandbox using a security manager (ENV30-J. Create a secure sandbox using a Security Manager). This approach is akin to the one discussed in the first compliant solution of IDS12-J. Prevent XML external entity attacks. The application should not allow the script to execute arbitrary commands such as querying the local file system. The two-argument form of doPrivileged() can also be used to lower privileges when the application must operate with higher privileges but the scripting engine must not. Refer to the guideline SEC00-J. Follow the principle of least privilege for more details on the two-argument form.
```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.script.ScriptException;

// engine, firstName and RestrictedAccessControlContext are defined elsewhere in the guideline

// First sanitize firstName
// (Single-argument form: used when the application itself is already
//  given the most restrictive permissions)

// Restrict permission using the two-argument form of doPrivileged()
try {
  AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
    public Object run() throws ScriptException {
      engine.eval("print('" + firstName + "')");
      return null;
    }
  }, RestrictedAccessControlContext.INSTANCE); // context that grants no permissions
} catch (PrivilegedActionException pae) {
  // Handle the wrapped ScriptException
}
```
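The sandbox described above, worked through end to end, as an added example that is not part of the guideline's own code. Because the guideline's `RestrictedAccessControlContext` definition is not shown in this excerpt, the `NO_PERMISSIONS` context here is this example's own stand-in; the `sanitize()` allowlist, the class name `SandboxedScriptDemo`, the probe scripts and the policy file are likewise assumptions. It assumes a JDK that still ships a JavaScript engine and a security manager (Java 8 through 14 with Nashorn; the security manager is removed in recent JDKs) and that the JVM is started with a security manager and a policy granting the application itself broad permissions, so the contrast between the caller's privileges and the script's is visible.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

// Run as (policy file constructed for this example):
//   java -Djava.security.manager -Djava.security.policy==all.policy SandboxedScriptDemo
// where all.policy contains:
//   grant { permission java.security.AllPermission; };
public final class SandboxedScriptDemo {

    // Assumed stand-in for the guideline's RestrictedAccessControlContext.INSTANCE:
    // a context whose only ProtectionDomain carries an empty, read-only permission
    // set. Every permission check made while it is in effect is intersected with
    // it, so the check fails regardless of what the caller holds.
    static final AccessControlContext NO_PERMISSIONS;
    static {
        Permissions none = new Permissions();
        none.setReadOnly();
        NO_PERMISSIONS = new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, none) });
    }

    // The "first sanitize firstName" step: an allowlist of letters only (assumed
    // pattern), so the value cannot close the string literal it is spliced into.
    static String sanitize(String firstName) {
        if (firstName == null || !firstName.matches("[A-Za-z]{1,64}")) {
            throw new IllegalArgumentException("firstName rejected by allowlist");
        }
        return firstName;
    }

    // Two-argument doPrivileged(): the caller may hold AllPermission, but the
    // script runs with NO_PERMISSIONS intersected into every permission check.
    static Object evalRestricted(final ScriptEngine engine, final String script)
            throws PrivilegedActionException {
        return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws ScriptException {
                return engine.eval(script);
            }
        }, NO_PERMISSIONS);
    }

    public static void main(String[] args) throws Exception {
        if (System.getSecurityManager() == null) {
            throw new IllegalStateException("start the JVM with -Djava.security.manager");
        }
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
        if (engine == null) {
            throw new IllegalStateException("no JavaScript engine (Nashorn) on this JDK");
        }

        // Benign use: the sanitized name is spliced into the script as in the guideline.
        String greeting = "'Hello, ' + '" + sanitize("Alice") + "'";
        System.out.println(evalRestricted(engine, greeting));

        // The script must not be able to query the local file system: this probe
        // (constructed for the example) should be rejected by the read check that
        // File.list() performs, which surfaces as a SecurityException.
        try {
            evalRestricted(engine, "new java.io.File('.').list().length");
            System.out.println("UNEXPECTED: file system access succeeded");
        } catch (SecurityException denied) {
            System.out.println("denied as intended: " + denied.getMessage());
        }

        // Input that fails the allowlist never reaches the engine at all.
        try {
            sanitize("'); print('injected'); //");
        } catch (IllegalArgumentException rejected) {
            System.out.println("rejected before eval: " + rejected.getMessage());
        }
    }
}
```

The two controls are complementary: the allowlist keeps untrusted data from changing the script's structure, while the restricted `AccessControlContext` limits what any script, injected or not, can do once it runs. Note that an unchecked exception such as `SecurityException` propagates straight out of `doPrivileged()`, whereas a checked `ScriptException` (for example, a syntax error) arrives wrapped in the `PrivilegedActionException` the guideline's code catches.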
...