> > I thought not blocking `ProcessBuilder` enables a whole lot of
> > vulnerabilities. Is this risk gone when `isSequence` is set?
> >
> > What happens when `new ProcessBuilder` is used in a parameter name?
>
> It won't work because using constructors matches using java.lang.Class
> (that's how it works) but you cannot do things like this:
> "x=@ProcessBuilder@create(), x.execute(aCommand)" with `isSequence` in
> place
>

Alright, then I'm fine with it.

Regards,
Christoph