[ECA-6440] ExternalCommandCertifciateValidator to call external scripts only - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.11.1
Component/s: CA GUI
Labels:
None
Environment:
All

Issue discovered during:
Testing
Sprint:
EJBCA Sprint 5

Description

ExternalCommandCertifciateValidator still allows external commands like 'openssl'. GeneralPurposeCustomPublisher avoids this with a simple File("<path>").exists() check, so only exiting script files or symlinks can be called and not an arbitrary command. Therefore this check has to be implemented for ExternalCommandCertifciateValidator as well and the test classes needs to be updated.

Attachments

Issue Links

is related to

ECA-6051 Add post-processing to Validator framework

Closed

ECA-6447 Add a configurable whitelist to external validators

Closed

ECA-6446 Add a system configuration value for enabling External Command Validators

Closed

Activity

People

Assignee:: Andres Jakobs

Reporter:: Andres Jakobs

Verified by:: Mike Agrenius Kushner

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Due:: 2017-12-21

Created:: 2017-12-21 11:39

Updated:: 2019-05-13 13:11

Resolved:: 2017-12-22 14:11

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified

Planned Service Window- JIRA will be down on Saturday, 14 December from 12:00 noon to 5:00 PM (CET).