...
This noncompliant code example invokes a hypothetical cross-platform notepad application using the external command notemaker. The notemaker application does not read its input stream , but sends output to both its output stream and error stream.
...
| Code Block | ||
|---|---|---|
| ||
public class Exec {
public static void main(String args[]) throws IOException, InterruptedException {
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("notemaker");
InputStream is = proc.getInputStream();
int c;
while ((c = is.read()) != -1) {
System.out.print((char) c);
}
int exitVal = proc.waitFor();
}
}
|
Compliant Solution (redirectErrorStream())
...
| Code Block | ||
|---|---|---|
| ||
public class Exec {
public static void main(String args[]) throws IOException, InterruptedException {
ProcessBuilder pb = new ProcessBuilder("notemaker");
pb = pb.redirectErrorStream(true);
Process proc = pb.start();
InputStream is = proc.getInputStream();
int c;
while ((c = is.read()) != -1) {
System.out.print((char) c);
}
int exitVal = proc.waitFor();
}
}
|
Compliant Solution (Input Stream and Error Stream)
...
| Code Block | ||
|---|---|---|
| ||
class StreamGobbler extends Thread {
InputStream is;
PrintStream os;
StreamGobbler(InputStream is, PrintStream os) {
this.is = is;
this.os = os;
}
public void run() {
try {
int c;
while ((c = is.read()) != -1)
os.print((char) c);
} catch (IOException x) {
// handle error
}
}
}
public class Exec {
public static void main(String[] args) throws IOException, InterruptedException {
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("notemaker");
// Any error message?
StreamGobbler errorGobbler = new StreamGobbler(proc.getErrorStream(), System.err);
// Any output?
StreamGobbler outputGobbler = new StreamGobbler(proc.getInputStream(), System.out);
errorGobbler.start();
outputGobbler.start();
// Any error?
int exitVal = proc.waitFor();
errorGobbler.join(); // Handle condition where the
outputGobbler.join(); // process ends before the threads finish
}
}
|
Exceptions
FIO07-EX0: Failure to supply input to a process that never reads input from its input stream is harmless, and can be beneficial. Failure to empty the output or error streams of a process that never sends output to its output or error streams is similarly harmless, or even beneficial. Consequently, programs are permitted to ignore the input, output, or error streams when, and only when, the process is guaranteed those streams.
...
Misuse of the exec() method can result in runtime exceptions and in denial-of-service vulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO07-J | low | probable | medium | P4 | L3 |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9295f332b0dfb9cd-f729de0f-42e44b7c-9c75b7fb-05ca157d397ea0b1633026ae"><ac:plain-text-body><![CDATA[ | [[API 06 | AA. Bibliography#API 06]] | method [exec() | http://java.sun.com/javase/6/docs/api/java/lang/Runtime.html#exec(java.lang.String)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7b3984feb6cbd387-12396b22-44884954-a5578006-09b0495885e4b5b80fec3e29"><ac:plain-text-body><![CDATA[ | [[Daconta 00 | AA. Bibliography#Daconta 00]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cb867c026b13b04b-457f6b7d-4c8c495d-b10aa1f9-aa2dd7079d7f28e85f3a6353"><ac:plain-text-body><![CDATA[ | [[Daconta 03 | AA. Bibliography#Daconta 03]] | Pitfall 1 | ]]></ac:plain-text-body></ac:structured-macro> |
...