...
This compliant solution prevents command injection by only passing trusted strings to Runtime.exec(). While the user has control over which string gets used, the user cannot send strings directly to Runtime.exec().
```java
// ...
String dir = null;
int number = Integer.parseInt(System.getProperty("dir")); // only allow integer choices
switch (number) {
  case 1:
    dir = "data1";
    break; // Option 1
  case 2:
    dir = "data2";
    break; // Option 2
  default: // invalid
    break;
}
if (dir == null) {
  // handle error
}
```
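The same allowlist approach as a self-contained class, added here as an illustration and not part of the original page. It also covers the case where the `dir` property is missing or non-numeric, which makes `Integer.parseInt()` throw `NumberFormatException`. The names `DirChoice`, `resolveDir` and `buildCommand`, the `ls` command, and the sample inputs are assumptions made for this example.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class DirChoice {
    // Allowlist: the only strings that can ever reach the command line.
    private static final Map<Integer, String> ALLOWED_DIRS = Map.of(
        1, "data1",
        2, "data2");

    // Maps the raw property value to a trusted directory name.
    // Missing, non-numeric, or out-of-range input yields Optional.empty().
    static Optional<String> resolveDir(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        try {
            int choice = Integer.parseInt(raw.trim());
            return Optional.ofNullable(ALLOWED_DIRS.get(choice));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    // Builds the argument vector. The directory is its own element,
    // so no shell ever parses it ("ls" is an assumed command).
    static List<String> buildCommand(String trustedDir) {
        return List.of("ls", trustedDir);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; real code would pass System.getProperty("dir").
        String[] samples = { "1", "2", "3", "data1 & echo bad", "", null };
        for (String raw : samples) {
            Optional<String> dir = resolveDir(raw);
            if (dir.isPresent()) {
                // Only allowlisted strings reach the process API.
                ProcessBuilder pb = new ProcessBuilder(buildCommand(dir.get()));
                System.out.println(raw + " -> would run " + pb.command());
            } else {
                // Handle error: reject without touching the process API.
                System.out.println(raw + " -> rejected");
            }
        }
    }
}
```

Only the inputs `1` and `2` produce a command; every other sample is rejected before any process API is called.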
...