Table 2 Features for detecting OS command injection

From: Towards the application of recommender systems to secure coding

| Feature | Data type | Possible values | Description |
| --- | --- | --- | --- |
| Shell_command_present | Boolean | {True, false} | Tells whether a shell command is supplied to runtime.exec. Shell commands include command.com, cmd.exe, /bin/sh, /bin/csh, /bin/ksh, /bin/bash, /bin/tcsh, /bin/zsh, /bin/rc, /bin/es |
| Unsanitized_args_processed | Boolean | {True, false} | Specifies whether the programmer passes potentially tainted user arguments to the runtime.exec method |
| Faulty_characters_present | Boolean | {True, false} | Specifies whether faulty characters are present in the command passed to the runtime.exec method |
| File_permission_imported | Boolean | {True, false} | Tells whether the recommended Java File permission class is imported to prevent command injection |
| Metadata | String | | A field containing runtime examples and methods found in each Java file |
| Class | Binary | {Safe, unsafe} | The target variable |