Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6440

ExternalCommandCertifciateValidator to call external scripts only

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.1
    • Component/s: CA GUI
    • Labels:
      None
    • Environment:
      All
    • Issue discovered during:
      Testing
    • Sprint:
      EJBCA Sprint 5

      Description

      ExternalCommandCertifciateValidator still allows external commands like 'openssl'. GeneralPurposeCustomPublisher avoids this with a simple File("<path>").exists() check, so only exiting script files or symlinks can be called and not an arbitrary command. Therefore this check has to be implemented for ExternalCommandCertifciateValidator as well and the test classes needs to be updated.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              anjakobs Andres Jakobs
              Reporter:
              anjakobs Andres Jakobs
              Verified by:
              Mike Agrenius Kushner
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 minutes
                  2m
                  Remaining:
                  Remaining Estimate - 2 minutes
                  2m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified