Closed ayomawdb closed 4 years ago
Hi Ayoma, Yes please proceed to this change and submit a push request. Regards, Azzeddine
On Thu, 16 Jan 2020 at 05:18, Ayoma Wijethunga notifications@github.com wrote:
Is there a practical usage of execCommand method available in [1]? It seems that the function is not used anywhere in the code. If there is no use of it, I'd love to help cleaning up ConfigPropertiesCascadeCommonUtils. This can have unnecessary security complications since it's a public static method, and we have some commercial security scanners complaining about it already.
Azzedine Ramrami
OWASP Morocco Chapter
OWASP AppSec Africa President
Related issue: https://github.com/OWASP/www-project-csrfguard/issues/25
It seems like there is no practical usage of `execCommand` method available in [1]. Please correct me if I'm wrong here. It seems that the function is not used anywhere in the code.

If there is no use of it, I'd love to help cleaning up `ConfigPropertiesCascadeCommonUtils`. This can have unnecessary security complications since it's a `public static` method, and we have some commercial security scanners complaining about it already.

[1] https://github.com/OWASP/www-project-csrfguard/blob/2fb2f9c78df6a3572c525d3b47410ad1c70856aa/csrfguard/src/main/java/org/owasp/csrfguard/config/overlay/ConfigPropertiesCascadeCommonUtils.java#L8921
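
One way to check the "not used anywhere" claim before deleting the method, as an added example that is not part of the issue thread or of CSRFGuard's code: a heuristic scan that separates declarations of a method from calls to it across a Java source tree. The function names, the report keys and the two sample files are assumptions constructed for illustration; reflective lookups and non-Java callers (JSPs, scripts) are outside what it sees.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: strips /* */ and // comments; string literals are not parsed.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

def find_method_uses(root, method):
    """Classify every textual use of `method` under root as declaration or call."""
    name = re.escape(method)
    decl = re.compile(r"\b(?:public|protected|private)\b[^;{}()=]*\b" + name + r"\s*\(")
    use = re.compile(r"\b" + name + r"\s*\(")
    hits = {}  # relative path -> list of (line number, is_declaration)
    for path in sorted(Path(root).rglob("*.java")):
        text = path.read_text(encoding="utf-8", errors="replace")
        # Blank out comments but keep newlines so line numbers stay correct.
        text = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)
        for lineno, line in enumerate(text.splitlines(), 1):
            if use.search(line):
                rel = str(path.relative_to(root))
                hits.setdefault(rel, []).append((lineno, bool(decl.search(line))))
    report = {"declarations": [], "internal_calls": [], "external_calls": []}
    for rel, found in hits.items():
        declares = any(is_decl for _, is_decl in found)
        for lineno, is_decl in found:
            # Calls inside the declaring file (e.g. overloads) need manual review.
            key = "declarations" if is_decl else ("internal_calls" if declares else "external_calls")
            report[key].append((rel, lineno))
    return report

def demo():
    """Run the scan over a constructed two-file source tree (sample data)."""
    utils = [
        "package example;",
        "public class Utils {",
        '  // execCommand("ls") in a comment must not count',
        "  public static String execCommand(String[] args) {",
        "    return execCommand(args, true);",
        "  }",
        '  public static String execCommand(String[] args, boolean strict) { return ""; }',
        "}",
    ]
    other = ["package example;", "/* Utils.execCommand(null) was removed */", "class Other {}"]
    with tempfile.TemporaryDirectory() as root:
        Path(root, "Utils.java").write_text("\n".join(utils), encoding="utf-8")
        Path(root, "Other.java").write_text("\n".join(other), encoding="utf-8")
        return find_method_uses(root, "execCommand")

if __name__ == "__main__":
    print(demo())
```

An empty `external_calls` list together with `internal_calls` that only chain overloads supports removing the method; any package-private declaration (no access modifier) is reported as a call, so the scan errs toward flagging more for review.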