[ECA-6447] Add a configurable whitelist to external validators - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.11.0
Component/s: None
Labels:
None

Issue discovered during:
Review
Sprint:
EJBCA Happy Fun Sprint (6)

Description

To guard against a malicious user using a system command in an external validator, we should have a configurable whitelist of system commands (complete paths) which can be set in external validators.

What we basically want under System Configuration is a Validators tab (because this is global), and in that tab a text box in which one may enter semicolon-separated command names (such as /var/bin/script.sh;var/bin/otherscript.sh)

Attachments

Issue Links

causes

ECA-6458 Replace the literal string "0" with GlobalConfiguration.GLOBAL_CONFIGURATION_ID

Closed

is related to

ECA-6459 Use external command whitelist for custom publishers

Open

relates

ECA-6446 Add a system configuration value for enabling External Command Validators

Closed

ECA-6440 ExternalCommandCertifciateValidator to call external scripts only

Closed

Activity

People

Assignee:: Andres Jakobs

Reporter:: Mike Agrenius Kushner

Verified by:: Andres Jakobs, Samuel Lidén Borell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017-12-22 18:36

Updated:: 2019-05-13 13:11

Resolved:: 2018-01-02 10:00

Time Tracking

Estimated:

Remaining:

Logged:

2d 2h 1m

Planned Service Window- JIRA will be down on Saturday, 14 December from 12:00 noon to 5:00 PM (CET).