Rule Definition
For portability reasons, 'java.lang.Runtime.exec()' should not be used since it means being dependant on the environment where the application is deployed.
For security reasons, 'java.lang.Runtime.exec()' can lead to malicious file execution resulting in devastating attacks such as total server compromise.
There are uses correct uses of Runtime.exec for example when the method call is platform neutral.
Such examples of the correct use of Runtime.exec are:
- Invocation of a Java compiler, with the name of the compiler specified as a
user-settable Property.
- Execution of a command the user typed in (a "shell").
- Invocation of a browser, configured as part of the installation of the
program, when the user presses a "Help" button.
Remediation
Alternative to java.lang.Runtime.exec(), we can also make use of java.lang.ProcessBuilder which makes it much easier to specify a process, set up its environment, spawn it, and handle its file descriptors.
Violation Code Sample
private boolean checkSudoPrivilege() throws InterruptedException, IOException { // "sudo -v" returns non-zero value if the current user has problem running sudo command. // It will always return zero if user is root. Process process = Runtime.getRuntime().exec("sudo -v"); int exitCode = process.waitFor(); return exitCode == 0; } }
Reference
Open Web Application Security Project's Top Ten
http://www.owasp.org/index.php/Top_10_2007-A3
see OWASP_Top_10_2007_for_JEE.pdf
Related Technologies
JEE
Technical Criterion
Secure Coding - Weak Security Features
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.