Hardening suggestions for java-security-toolkit / ryandens/process-builder#25
Hardening suggestions for java-security-toolkit / ryandens/process-builder#25pixeebot[bot] wants to merge 1 commit intoryandens/process-builderfrom
Conversation
![pixeebot[bot]](https://avatars.githubusercontent.com/in/193111?s=60&v=4){kind=small}
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command, envp); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command, envp, dir); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command, envp); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
| final Set<SystemCommandRestrictions> restrictions) | ||
| throws IOException { | ||
| runChecks(command, restrictions); | ||
| return runtime.exec(command, envp, dir); |
There was a problem hiding this comment.
Hardened this system call to make it resistant to injected commands and commands that target sensitive files
|
pixeebot recursion 🤦 this is the library we use to harden things 😆 |
2 participants
I've reviewed the recently opened PR (24 - ✨ add support for checking commands invoked with ProcessBuilder) and have identified some area(s) that could benefit from additional hardening measures.
These changes should help prevent potential security vulnerabilities and improve overall code quality.
Thank you for your consideration!
docs | feedback
Powered by: pixeebot