[ECA-6447] Add a configurable whitelist to external validators - PrimeKey Issue Tracker

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.11.0
Component/s: None
Labels:
None

Stakeholder:

R&D
Issue discovered during:
Review
Sprint:
EJBCA Happy Fun Sprint (6)

Description

To guard against a malicious user using a system command in an external validator, we should have a configurable whitelist of system commands (complete paths) which can be set in external validators.

What we basically want under System Configuration is a Validators tab (because this is global), and in that tab a text box in which one may enter semicolon-separated command names (such as /var/bin/script.sh;var/bin/otherscript.sh)

Attachments

Issue Links

causes

ECA-6458 Replace the literal string "0" with GlobalConfiguration.GLOBAL_CONFIGURATION_ID

Open

is related to

ECA-6459 Use external command whitelist for custom publishers

Open

relates

ECA-6446 Add a system configuration value for enabling External Command Validators

Closed

ECA-6440 ExternalCommandCertifciateValidator to call external scripts only

Closed

Activity

People

Assignee:

Andres Jakobs

Reporter:

Mike Agrenius Kushner

Verified by:

Andres Jakobs, Samuel Lidén Borell

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

2017-12-22 18:36

Updated:

2018-01-02 10:19

Resolved:

2018-01-02 10:00

Time Tracking

Estimated:

Remaining:

Logged:

2d 2h 1m