Class DefaultExecutor

  • All Implemented Interfaces:
    Executor

    public class DefaultExecutor
    extends java.lang.Object
    implements Executor
    Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly equal the canonical path to an executable on the system.

    Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.

    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    See Also:
    Executor
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      ExecuteResult executeSystemCommand​(java.io.File executable, java.util.List params)
      Invokes the specified executable with default workdir and codec and not logging parameters.
      ExecuteResult executeSystemCommand​(java.io.File executable, java.util.List params, java.io.File workdir, Codec codec, boolean logParams, boolean redirectErrorStream)
      Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible.
      static Executor getInstance()  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • getInstance

        public static Executor getInstance()
      • executeSystemCommand

        public ExecuteResult executeSystemCommand​(java.io.File executable,
                                                  java.util.List params)
                                           throws ExecutorException
        Invokes the specified executable with default workdir and codec and not logging parameters.
        Specified by:
        executeSystemCommand in interface Executor
        Parameters:
        executable - the command to execute
        params - the parameters of the command being executed
        Throws:
        ExecutorException
      • executeSystemCommand

        public ExecuteResult executeSystemCommand​(java.io.File executable,
                                                  java.util.List params,
                                                  java.io.File workdir,
                                                  Codec codec,
                                                  boolean logParams,
                                                  boolean redirectErrorStream)
                                           throws ExecutorException
        Executes a system command after checking that the executable exists and escaping all the parameters to ensure that injection is impossible. Implementations must change to the specified working directory before invoking the command. The reference implementation sets the work directory, escapes the parameters as per the Codec in use, and then executes the command without using concatenation. The exact, absolute, canonical path of each executable must be listed as an approved executable in the ESAPI properties. The executable must also exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if you are going to invoke this interface with confidential information.
        Specified by:
        executeSystemCommand in interface Executor
        Parameters:
        executable - the command to execute
        params - the parameters of the command being executed
        workdir - the working directory
        codec - the codec to use to encode for the particular OS in use
        logParams - use false if any parameters contains sensitive or confidential information
        Returns:
        the output of the command being run
        Throws:
        ExecutorException - the service exception