Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6440

ExternalCommandCertifciateValidator to call external scripts only

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.1
    • Component/s: CA GUI
    • Labels:
      None
    • Environment:
      All
    • Issue discovered during:
      Testing
    • Sprint:
      EJBCA Sprint 5

      Description

      ExternalCommandCertifciateValidator still allows external commands like 'openssl'. GeneralPurposeCustomPublisher avoids this with a simple File("<path>").exists() check, so only exiting script files or symlinks can be called and not an arbitrary command. Therefore this check has to be implemented for ExternalCommandCertifciateValidator as well and the test classes needs to be updated.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                anjakobs Andres Jakobs
                Reporter:
                anjakobs Andres Jakobs
                Verified by:
                Mike Agrenius Kushner
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 minutes
                  2m
                  Remaining:
                  Remaining Estimate - 2 minutes
                  2m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified