
I am trying to run the Microsoft RDP application from code.

I have the following pseudo-code, and SonarQube complains about a Command Injection vulnerability:

String rdpFilePath = myObject.getRdpFilePath(); // path of the .rdp settings file
ProcessBuilder processBuilder = new ProcessBuilder();
processBuilder.command("mstsc", rdpFilePath).start(); // start() throws IOException

The SonarQube issue explanation is the following:

-Potential Command Injection-
The highlighted API is used to execute a system command. 
If unfiltered input is passed to this API, it can lead to arbitrary command execution.

How can I filter my input, and how can I fix this security issue?

Akiner Alkan

1 Answer

Your sample is pretty safe. The one thing you should add here before executing mstsc is checking that the rdpFilePath file exists.

You have a security issue if you put unfiltered user input as the 1st argument of the command method (sometimes subsequent arguments can be vulnerable too, if the program you want to run allows running commands). In such a case the user can execute an arbitrary command on the system.

berserkk
  • Hi, I have added an rdpFilePath existence check and also a readability check. But even in this case SonarQube is warning about the command injection vulnerability. What I am looking for is the safest solution to this problem. – Akiner Alkan Jun 06 '17 at 16:27
  • You definitely don't have security issues with all these checks. But SonarQube can't understand your filtering code and will continue warning about a potential security risk. You can disable a specific warning for a block of code. Check this [answer](https://stackoverflow.com/questions/10971968/turning-sonar-off-for-certain-code). – berserkk Jun 06 '17 at 18:49
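A hardened version of the launcher the answer describes, as an added example that is not part of the original question or answer: the program name stays a constant, the .rdp path is a separate argv element (no shell is ever invoked), and the path is accepted only if it resolves to a readable regular *.rdp file inside an allow-listed directory. The class name, the allow-listed directory and the temporary demo files are assumptions made for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (not from the original post): launches mstsc only after
// the .rdp path has passed an allow-list check. The directory is an assumption.
public final class RdpLauncher {

    private final Path allowedDir;

    public RdpLauncher(Path allowedDir) throws IOException {
        // Resolve symlinks once so later startsWith() comparisons are meaningful
        this.allowedDir = allowedDir.toRealPath();
    }

    /** Returns the canonical path when every check passes; throws otherwise. */
    public Path validate(String rdpFilePath) throws IOException {
        if (rdpFilePath == null || rdpFilePath.trim().isEmpty()) {
            throw new IllegalArgumentException("rdp path is empty");
        }
        Path candidate;
        try {
            candidate = Paths.get(rdpFilePath);
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("rdp path is not a valid path", e);
        }
        // Resolve relative input against the allowed directory, then canonicalise.
        // toRealPath() fails if the file does not exist, which is the existence check.
        Path real;
        try {
            real = allowedDir.resolve(candidate).toRealPath();
        } catch (IOException e) {
            throw new IllegalArgumentException("rdp file does not exist: " + candidate, e);
        }
        // 1. Must stay inside the allow-listed directory (blocks ../ escapes and symlink tricks)
        if (!real.startsWith(allowedDir)) {
            throw new SecurityException("rdp file outside allowed directory: " + real);
        }
        // 2. Must be a readable regular file named *.rdp
        if (!Files.isRegularFile(real) || !Files.isReadable(real)) {
            throw new IllegalArgumentException("not a readable file: " + real);
        }
        if (!real.getFileName().toString().toLowerCase().endsWith(".rdp")) {
            throw new IllegalArgumentException("not an .rdp file: " + real);
        }
        return real;
    }

    /** Program name is a constant; the validated path is its own argv element, so no shell parsing happens. */
    public Process launch(String rdpFilePath) throws IOException {
        Path real = validate(rdpFilePath);
        return new ProcessBuilder("mstsc", real.toString()).start();
    }

    // Demo with a temporary directory: runs validation only, so it works on any OS.
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("rdp-demo");
        // Constructed sample files for the demonstration
        Files.write(dir.resolve("office.rdp"), "full address:s:example.invalid".getBytes());
        Files.write(dir.resolve("notes.txt"), "not an rdp file".getBytes());
        RdpLauncher launcher = new RdpLauncher(dir);

        String[] inputs = {"office.rdp", "notes.txt", "../../etc/hosts", "missing.rdp"};
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + launcher.validate(in));
            } catch (RuntimeException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first input is accepted in the demo; the others are rejected for the wrong extension, for escaping the allowed directory, or for not existing. A static analyser such as SonarQube may still flag the `ProcessBuilder` call because it cannot follow the validation, which is the situation the comments above describe; the relevant point for a reviewer is that the executable name is never derived from input.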