Class SystemCommand


  • public final class SystemCommand
    extends java.lang.Object
    This type offers utility methods to run system commands more safely.
    • Method Detail

      • defaultRestrictions

        public static java.util.Set<SystemCommandRestrictions> defaultRestrictions()
        The default restrictions if none are specified.
        Returns:
        a set of restrictions suitable for general use
      • runProcessBuilder

        public static java.lang.Process runProcessBuilder(java.lang.ProcessBuilder processBuilder,
                                                          java.util.Set<SystemCommandRestrictions> restrictions)
                                                   throws java.io.IOException
        Does the same as ProcessBuilder.start(), but restricts which types of commands are allowed. Throws a SecurityException if the command may violate any of the restrictions. Note that violations are detected by semantic analysis of the command, so detection is vulnerable to impedance mismatches between the analysis performed here and whatever shell interprets the command. Even so, it is a lot safer than calling ProcessBuilder.start() directly.
        Parameters:
        processBuilder - the system command about to be run
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened ProcessBuilder.start() call
        Throws:
        java.lang.SecurityException - if multiple commands are found
        java.lang.IllegalArgumentException - if restrictions is null
        java.io.IOException - from the wrapped system process invocation call
      • runProcessBuilder

        public static java.lang.Process runProcessBuilder(java.lang.ProcessBuilder processBuilder)
                                                   throws java.io.IOException
        Delegates to runProcessBuilder(ProcessBuilder, Set) with default restrictions.
        Parameters:
        processBuilder - the system command about to be run
        Returns:
        the Process that results from the hardened ProcessBuilder.start() call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Does the same as Runtime.exec(String), but restricts which types of commands are allowed. Throws a SecurityException if the command may violate any of the restrictions. Note that violations are detected by semantic analysis of the command, so detection is vulnerable to impedance mismatches between the analysis performed here and whatever shell interprets the command. Even so, it is a lot safer than calling Runtime.exec(String) directly.
        Parameters:
        command - the system command about to be run
        runtime - the runtime to run with
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String) call
        Throws:
        java.lang.SecurityException - if multiple commands are found
        java.lang.IllegalArgumentException - if restrictions is null
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String, Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        Returns:
        the Process that results from the hardened Runtime.exec(String) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Does the same as Runtime.exec(String[]), but restricts which types of commands are allowed. Throws a SecurityException if the command may violate any of the restrictions. Note that violations are detected by semantic analysis of the command, so detection is vulnerable to impedance mismatches between the analysis performed here and whatever shell interprets the command. Even so, it is a lot safer than calling Runtime.exec(String[]) directly.
        Parameters:
        command - the system command about to be run
        runtime - the runtime to run with
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String[]) call
        Throws:
        java.lang.SecurityException - if multiple commands are found
        java.lang.IllegalArgumentException - if restrictions is null
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String[], Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        Returns:
        the Process that results from the hardened Runtime.exec(String[]) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command,
                                                   java.lang.String[] envp,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Same as runCommand(Runtime, String[], Set), but also takes the additional arguments to pass to Runtime.exec(String[], String[]).
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String[], String[]) call
        Throws:
        java.lang.SecurityException - if multiple commands are found
        java.lang.IllegalArgumentException - if restrictions is null
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command,
                                                   java.lang.String[] envp)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String[], String[], Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        Returns:
        the Process that results from the hardened Runtime.exec(String[], String[]) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command,
                                                   java.lang.String[] envp,
                                                   java.io.File dir,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Same as runCommand(Runtime, String[], Set), but also takes the additional arguments to pass to Runtime.exec(String[], String[], File).
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        dir - the working directory to run the system command in
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String[], String[], File) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command,
                                                   java.lang.String[] envp,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Same as runCommand(Runtime, String, Set), but also takes the additional arguments to pass to Runtime.exec(String, String[]).
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String, String[]) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command,
                                                   java.lang.String[] envp)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String, String[], Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        Returns:
        the Process that results from the hardened Runtime.exec(String, String[]) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command,
                                                   java.lang.String[] envp,
                                                   java.io.File dir,
                                                   java.util.Set<SystemCommandRestrictions> restrictions)
                                            throws java.io.IOException
        Same as runCommand(Runtime, String, Set), but also takes the additional arguments to pass to Runtime.exec(String, String[], File).
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        dir - the working directory to run the system command in
        restrictions - the set of restrictions to run with
        Returns:
        the Process that results from the hardened Runtime.exec(String, String[], File) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String command,
                                                   java.lang.String[] envp,
                                                   java.io.File dir)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String, String[], File, Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        dir - the working directory to run the system command in
        Returns:
        the Process that results from the hardened Runtime.exec(String, String[], File) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
      • runCommand

        public static java.lang.Process runCommand(java.lang.Runtime runtime,
                                                   java.lang.String[] command,
                                                   java.lang.String[] envp,
                                                   java.io.File dir)
                                            throws java.io.IOException
        Delegates to runCommand(Runtime, String[], String[], File, Set) with default restrictions.
        Parameters:
        runtime - the runtime to run with
        command - the system command about to be run
        envp - the environment variables
        dir - the working directory to run the system command in
        Returns:
        the Process that results from the hardened Runtime.exec(String[], String[], File) call
        Throws:
        java.io.IOException - from the wrapped system process invocation call
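
Usage sketch for runCommand(Runtime, String[], Set), added here as an example and not taken from the toolkit's own documentation: it passes an untrusted path as a separate argument, applies defaultRestrictions() explicitly, and fails closed when a SecurityException is thrown. The package name io.github.pixee.security, the class name HardenedExecExample, the wc command and the sample path are assumptions that do not appear on this page.

```java
import io.github.pixee.security.SystemCommand;             // assumed package, not stated on this page
import io.github.pixee.security.SystemCommandRestrictions; // assumed package, not stated on this page
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.Set;

public final class HardenedExecExample {

    /** Counts lines in a file whose path comes from an untrusted caller. */
    static Optional<String> countLines(String untrustedPath)
            throws IOException, InterruptedException {
        // Argument-vector form: no shell re-parses untrustedPath, which narrows the
        // analysis-versus-shell mismatch that the method description warns about.
        String[] argv = {"wc", "-l", "--", untrustedPath};
        // Same set the overload without a Set parameter applies; passed explicitly
        // so the policy is visible at the call site.
        Set<SystemCommandRestrictions> restrictions = SystemCommand.defaultRestrictions();
        Process process;
        try {
            process = SystemCommand.runCommand(Runtime.getRuntime(), argv, restrictions);
        } catch (SecurityException blocked) {
            // Fail closed and leave a record for detection; never retry unrestricted.
            System.err.println("command rejected: " + blocked.getMessage());
            return Optional.empty();
        }
        // Java 9+: drain stdout before waiting so a full pipe cannot stall the child.
        String out = new String(process.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        int exit = process.waitFor();
        return exit == 0 ? Optional.of(out.trim()) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for a request parameter.
        System.out.println(countLines("/tmp/upload-1234.txt").orElse("no result"));
    }
}
```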