Removing execCommand from ConfigPropertiesCascadeCommonUtils #1
Comments
Hi Ayoma,
Yes please proceed to this change and submit a push request.
Regards,
Azzeddine
On Thu, 16 Jan 2020 at 05:18, Ayoma Wijethunga <[email protected]>
wrote:
… Is there a practical usage of execCommand method available in [1]? It seems
that the function is not used anywhere in the code. If there is no use of
it, I'd love to help cleaning up ConfigPropertiesCascadeCommonUtils. This
can have unnecessary security complications since it's a public static
method, and we have some commercial security scanners complaining about it
already.
[1]
https://github.com/OWASP/www-project-csrfguard/blob/2fb2f9c78df6a3572c525d3b47410ad1c70856aa/csrfguard/src/main/java/org/owasp/csrfguard/config/overlay/ConfigPropertiesCascadeCommonUtils.java#L8921
--
*Cordialement/Regards/Mit freundlichen Grüßen/Cordiali saluti/Saludos/تحية
خالصة *
------------------------------
*Azzedine Ramrami*
OWASP Morocco Chapter
OWASP AppSec Africa President
IBM Security - Senior Security & Network Architect
Data & Application Security, Cognitive Security, IoT/OT/ICS/SCADA Security &
SIEM
Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH
OWASP Morocco Leader/OWASP AppSec Africa President
IBM Security Global Speaker
Related issue: #25
It seems like there is no practical usage of execCommand method available in [1]. Please correct me if I'm wrong here. It seems that the function is not used anywhere in the code. If there is no use of it, I'd love to help cleaning up ConfigPropertiesCascadeCommonUtils. This can have unnecessary security complications since it's a public static method, and we have some commercial security scanners complaining about it already.

[1] www-project-csrfguard/csrfguard/src/main/java/org/owasp/csrfguard/config/overlay/ConfigPropertiesCascadeCommonUtils.java, Line 8921 in 2fb2f9c