
Application launch security


Scope: managed applications, ordinary applications.

1. When starting an external application from code, make sure that the launch string is assembled from checked parts only.
If any part of the launch string contains data obtained from the database, from an input field on a form, or read from settings storage, check that the launch is safe before starting the application. Data is considered safe if it does not contain any of the following characters or sequences: "$", "`", "|", "||", ";", "&", and "&&".

This requirement applies to all application launch methods, including the following:

  • SystemCommand(<CommandString>, <CurrentDirectory>)
  • RunApplication(<CommandString>, <CurrentDirectory>, <WaitForCompletion>, <ReturnCode>)
  • BeginRunningApplication(<NotifyDescription>, <CommandString>, <CurrentDirectory>, <WaitForCompletion>)
  • GotoURL(<URL>)
  • Use of the COM objects "Wscript.Shell" and "Shell.Application"
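The following is an added example, not code from this standard or from the Standard Subsystems Library. It shows the check from clause 1 as a server-side function that refuses to build a launch string from a value that contains any of the listed characters. It assumes the FileSystem.StartApplication API described in clause 2.4; the function names are hypothetical, and HostName stands for a value a user typed into a form field.

```bsl
// Added example. Implements the clause 1 check: a launch string part taken from the
// database, a form field, or settings storage may be used only if it contains none
// of the characters the standard lists. The function names here are hypothetical.

// Returns True if Part contains none of the characters from clause 1.
// Checking for "|" and "&" also catches the "||" and "&&" sequences.
Function LaunchStringPartIsSafe(Val Part) Export

	UnsafeCharacters = New Array;
	UnsafeCharacters.Add("$");
	UnsafeCharacters.Add("`");
	UnsafeCharacters.Add("|");
	UnsafeCharacters.Add(";");
	UnsafeCharacters.Add("&");

	For Each Char In UnsafeCharacters Do
		If StrFind(Part, Char) > 0 Then
			Return False;
		EndIf;
	EndDo;

	Return True;

EndFunction

// Server-side example: HostName is untrusted (typed into a form field), while the
// command template around it is a constant. The launch is refused, not "cleaned up",
// when the check fails, so the caller sees the rejection instead of a silently
// altered command. Returns the structure returned by FileSystem.StartApplication.
Function PingHost(Val HostName) Export

	If Not LaunchStringPartIsSafe(HostName) Then
		Raise NStr("en = 'The host name contains characters that are not allowed in a launch string.'");
	EndIf;

	ApplicationStartupParameters = FileSystem.ApplicationStartupParameters();
	ApplicationStartupParameters.WaitForCompletion = True;
	ApplicationStartupParameters.GetOutputStream = True;
	ApplicationStartupParameters.GetErrorStream = True;

	Return FileSystem.StartApplication("ping " + HostName + " -n 5", ApplicationStartupParameters);

EndFunction
```

Calling PingHost("127.0.0.1") runs the command; calling PingHost("127.0.0.1 & calc") raises the exception before anything is started. The list above is the standard's minimum; where the parameter has a known shape, such as a host name or a file name, allowing only the characters that shape legitimately needs is a stricter check than this deny list.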

2. When using the Standard Subsystems Library, use the following API to start external applications:
2.1. To open the explorer with focus on the specified file, use the FileSystemClient.OpenExplorer procedure.
For example:

// For Windows
FileSystemClient.OpenExplorer("C:\Users");
FileSystemClient.OpenExplorer("C:\Program Files\1cv8\common\1cestart.exe");
// For Linux
FileSystemClient.OpenExplorer("/home/");
FileSystemClient.OpenExplorer("/opt/1C/v8.3/x86_64/1cv8c");

2.2. To open a file in the viewer associated with the file extension, use the FileSystemClient.OpenFile procedure. It prevents executable files from being started (for example, *.exe, *.bin, or *.apk).
For example:

FileSystemClient.OpenFile(DocumentsDir() + "test.pdf");
FileSystemClient.OpenFile("D:\test.xlsx");

2.3. To open a webpage in a browser, to start the application registered for a protocol (for example, mailto:, skype:, tel:, and so on), or to open an infobase URL, use the FileSystemClient.OpenURL procedure. In the web client, the user is prompted to install the file system extension if the operation requires it.
For example:

FileSystemClient.OpenURL("https://1c.ru");
FileSystemClient.OpenURL("e1cib/navigationpoint/startpage"); // home page.
FileSystemClient.OpenURL("mailto:help@1c.ru");
FileSystemClient.OpenURL("skype:echo123?call");

To open Explorer or to open a file in a viewer, do not build a link with the file:// protocol. Use one of the following procedures instead: OpenExplorer (see clause 2.1) or OpenFile (see clause 2.2).

2.4. In order to:

  • Run executable files (for example, *.exe, *.bat)
  • Use system commands (for example, ping, tracert, or traceroute, or access the RAC client)
  • Execute commands on the server
  • Get the return code and the contents of the output stream (stdout) and error stream (stderr)

use the FileSystemClient.StartApplication procedure in client code and the FileSystem.StartApplication function in server code.
For example:

FileSystemClient.StartApplication("calc");

An example of how to start the application with waiting for completion and getting a return code:

ApplicationStartupParameters = FileSystem.ApplicationStartupParameters();
ApplicationStartupParameters.WaitForCompletion = True;
ApplicationStartupParameters.GetOutputStream = True;
ApplicationStartupParameters.GetErrorStream = True;

Result = FileSystem.StartApplication(
 "ping 127.0.0.1 -n 5", ApplicationStartupParameters);

ReturnCode = Result.ReturnCode;
OutputStream = Result.OutputStream;
ErrorStream = Result.ErrorStream;

2.5. When an external application is started in batch mode, its output stream and error stream might be returned in an unexpected language. To tell the external application which language the result is expected in:

  • Specify the language in a startup parameter of that application, if such a parameter exists. For example, in platform batch mode, specify the "/L en" key.
  • In other cases, set the encoding for batch command execution explicitly.

For example, if you use the following code snippet:

ApplicationStartupParameters = FileSystem.ApplicationStartupParameters();
ApplicationStartupParameters.WaitForCompletion = True;
ApplicationStartupParameters.GetOutputStream = True;
ApplicationStartupParameters.ExecutionEncoding = "OEM"; // force the OEM code page for the command
Result = FileSystem.StartApplication("ping 127.0.0.1 -n 5", ApplicationStartupParameters);
Common.InformUser(Result.OutputStream);

the console is forcibly switched to the OEM encoding, in which the result is returned in English. Technically, the following commands are executed:

chcp 437
ping 127.0.0.1 -n 5

3. To execute a command that requires starting an external application with elevated privileges (for example, on Windows, with display of the UAC elevation prompt), you need to:

  • Implement it in a managed form as a button or menu item.
  • On the button that starts the action, display the shield icon (the ShieldIcon common picture from Standard Subsystems Library).

For example, see requirements for Windows OS.

© 2020 1C INTERNATIONAL LLC www.1Ci.com