Title: IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method  
Author: Dhruv Mohindra Mar 17, 2009
Last Changed by: Jon O'Donnell Aug 06, 2021
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/xTdGBQ
Export As: Word · PDF  
Incoming Links
SEI CERT Perl Coding Standard (1)
    Page: IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
SEI CERT Oracle Coding Standard for Java (1)
    Page: Input Validation and Data Sanitization
SEI CERT C Coding Standard (1)
    Page: ENV03-C. Sanitize the environment when invoking external programs
Hierarchy
Outgoing Links
External Links (11)
    securitytracker.com/id/1024617
    cwe.mitre.org/
    www.securitytube.net/video/1465
    cwe.mitre.org/data/definitions/78.html
    www.doecirc.energy.gov/bulletins/t-472.shtml
    https://www.securecoding.cert.org/confluence/display/perl/C…
    https://www.safaribooksonline.com/library/view/secure-codin…
    java.sun.com/javase/6/docs/technotes/guides/security/permis…
    https://rules.sonarsource.com/java/RSPEC-2076
    internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0…
    https://www.securecoding.cert.org/confluence/display/perl/I…
SEI CERT C++ Coding Standard (3)     Page: VOID ENV01-CPP. Sanitize the environment when invoking external programs
    Home page: SEI CERT C++ Coding Standard
    Page: VOID ENV02-CPP. Do not call system() if you do not need a command processor
SEI CERT Oracle Coding Standard for Java (14)     Page: SonarQube
    Page: Rule 00. Input Validation and Data Sanitization (IDS)
    Page: Rule AA. References
    Page: IDS06-J. Exclude unsanitized user input from format strings
    Page: CodeSonar_V
    Page: The Checker Framework
    Page: Parasoft
    Page: SonarQube_V
    Page: Coverity
    Page: The Checker Framework_V
    Page: Parasoft_V
    Page: Rule BB. Glossary
    Home page: SEI CERT Oracle Coding Standard for Java
    Page: IDS08-J. Sanitize untrusted data included in a regular expression
SEI CERT C Coding Standard (4)     Page: ENV33-C. Do not call system()
    Page: CodeSonar
    Home page: SEI CERT C Coding Standard
    Page: ENV03-C. Sanitize the environment when invoking external programs