Table 2 Features for detecting OS command injection
From: Towards the application of recommender systems to secure coding
Feature | Data type | Possible values | Description |
|---|---|---|---|
Shell_command_present | Boolean | {True, false} | Tells whether a shell command is supplied to runtime.exec. Shell commands include command.com, cmd.exe, /bin/sh /bin/csh, /bin/ksh, /bin/bash, /bin/tcsh, /bin/zsh, /bin/rc, /bin/es |
Unsanitized_args_processed | Boolean | {True, false} | Specifies whether the programmer passes potentially tainted user arguments to the runtime.exec method |
Faulty_characters_present | Boolean | {True, false} | Specifies whether faulty characters are present in the command passed to the runtime.exec method |
File_permission_imported | Boolean | {True, false} | Tells whether the recommended Java File permission class is imported to prevent command injection |
Metadata | String | – | A field containing runtime examples and methods found in each Java file |
Class | Binary | {Safe, unsafe} | The target variable |