[JAVA-518] Remove Calls to exec() Due to Security Concerns Created: 08/Feb/12  Updated: 18/Jun/12  Resolved: 08/Feb/12

Status: Closed
Project: Java Driver
Component/s: None
Affects Version/s: 2.7.2
Fix Version/s: 2.8.0

Type: Improvement Priority: Major - P3
Reporter: Martin Hermes Assignee: Jeffrey Yemin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Java driver 2.7.2 - non-env specific


Issue Links:
Depends
Backwards Compatibility: Minor Change

 Description   

The following lines call Runtime.getRuntime().exec():

./src/main/com/mongodb/io/StreamUtil.java:44:        Process p = Runtime.getRuntime().exec( command );
./src/main/com/mongodb/util/TestCase.java:251:        Process p = Runtime.getRuntime().exec( "find " + dir );

This is causing an issue with a security audit. Can they be removed or moved to the test source directory?



 Comments   
Comment by Jeffrey Yemin [ 18/Jun/12 ]

Closing for 2.8.0 release.

Comment by auto [ 08/Feb/12 ]

Author:

{u'login': u'jyemin', u'email': u'jeff.yemin@10gen.com', u'name': u'Jeff Yemin'}

Message: JAVA-518: moving classes from src/main to src/test, because that's where they belong. Also removed unused ZipUtil class
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/560b2682f90e39c99b4b2a1ff810da7a1b7c7a24

Comment by Jeffrey Yemin [ 08/Feb/12 ]

Note that technically this is a backward breaking change, since it's conceivable, though unlikely, that some client of the driver is relying on those classes.

Comment by Scott Hernandez (Inactive) [ 08/Feb/12 ]

The StreamUtil method is not used by the driver.

TestCase.java can be moved to the test dir; it is only used during testing.

Generated at Thu Feb 08 08:52:29 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.