• Home
• io.codemodder
• core-codemods
• 0.95.0
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.HardenProcessCreationCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Introduced protections against system command injection",
  "change" : "Hardened this system call to make it resistant to injected commands and commands that target sensitive files",
  "control" : "https://github.com/pixee/java-security-toolkit/blob/main/src/main/java/io/github/pixee/security/SystemCommand.java",
  "reviewGuidanceIJustification" : "We believe this change is safe and effective. The behavior of hardened `Runtime#exec()` calls will only throw `SecurityException` if they see behavior involved in malicious code execution, which is extremely unlikely to happen in normal operation.",
  "references": [
    "https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html",
    "https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec%28%29+method"
  ]
}