Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6440

ExternalCommandCertifciateValidator to call external scripts only

        Details

        • Type: Improvement
        • Status: Closed
        • Priority: Trivial
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: EJBCA 6.11.1
        • Component/s: CA GUI
        • Labels:
          None
        • Environment:
          All
        • Issue discovered during:
          Testing
        • Sprint:
          EJBCA Sprint 5

          Description

          ExternalCommandCertifciateValidator still allows external commands like 'openssl'. GeneralPurposeCustomPublisher avoids this with a simple File("<path>").exists() check, so only exiting script files or symlinks can be called and not an arbitrary command. Therefore this check has to be implemented for ExternalCommandCertifciateValidator as well and the test classes needs to be updated.

            Attachments

              Issue Links

              is related to

              New Feature - A new feature of the product, which has yet to be developed. ECA-6051 Add post-processing to Validator framework

              • Critical - Crashes, loss of data, severe memory leak.
              • Closed

              New Feature - A new feature of the product, which has yet to be developed. ECA-6447 Add a configurable whitelist to external validators

              • Minor - Minor loss of function, or other problem where easy workaround is present.
              • Closed

              Improvement - An improvement or enhancement to an existing feature or task. ECA-6446 Add a system configuration value for enabling External Command Validators

              • Major - Major loss of function.
              • Closed

                Activity

                  People

                  • Assignee:
                    anjakobs Andres Jakobs
                    Reporter:
                    anjakobs Andres Jakobs
                    Verified by:
                    Mike Agrenius Kushner
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Due:
                      Created:
                      Updated:
                      Resolved:

                      Time Tracking

                      Estimated:
                      Original Estimate - 2 minutes
                      2m
                      Remaining:
                      Remaining Estimate - 2 minutes
                      2m
                      Logged:
                      Time Spent - Not Specified
                      Not Specified