- The Guide to Finding and Reporting Web Vulnerabilities
- About the Author
- About the Tech Reviewer
- Foreword
- Introduction
- Who This Book Is For
- What Is In This Book
- Happy Hacking!
- 1 Picking a Bug Bounty Program
- 2 Sustaining Your Success
- 3 How the Internet Works
- 4 Environmental Setup and Traffic Interception
- 5 Web Hacking Reconnaissance
- 6 Cross-Site Scripting
- 7 Open Redirects
- 8 Clickjacking
- 9 Cross-Site Request Forgery
- 10 Insecure Direct Object References
- 11 SQL Injection
- 12 Race Conditions
- 13 Server-Side Request Forgery
- 14 Insecure Deserialization
- 15 XML External Entity
- 16 Template Injection
- 17 Application Logic Errors and Broken Access Control
- 18 Remote Code Execution
- 19 Same-Origin Policy Vulnerabilities
- 20 Single-Sign-On Security Issues
- 21 Information Disclosure
- 22 Conducting Code Reviews
- 23 Hacking Android Apps
- 24 API Hacking
- 25 Automatic Vulnerability Discovery Using Fuzzers
Prevention
To prevent code injections, you should avoid inserting user input into code that gets evaluated. Also, since user input can be passed into evaluated code through files that are parsed by the application, you should treat user-uploaded files as untrusted, as well as protect the integrity of existing system files that your programs execute, parse, or include.
And to prevent file inclusion vulnerabilities, you should avoid including files based on user input. If that isn’t possible, disallow the inclusion of remote files and create an allowlist of local files that your programs can include. You can also limit file uploads to certain safe file types and host uploaded files in a separate environment than the application’s source code.
Also avoid calling system commands directly and use the programming language’s system APIs instead. Most programming languages have built-in functions that allow you to run system commands without risking command injection. For instance, PHP has a function named mkdir(DIRECTORY_NAME). You can use it to create new directories instead of calling system("mkdir DIRECTORY_NAME").
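The two pieces of advice above, the allowlist for file inclusion and the language API instead of a shell command, side by side with the patterns they replace. This is an added example and not code from the book; the base directory, the page allowlist, the name regex and the file paths are assumptions chosen for illustration.

```php
<?php
// Added example (not from the book). Paths, the allowlist and the name
// pattern below are constructed for illustration.

declare(strict_types=1);

// 1. Creating a directory whose name comes from the user.
//
// Pattern to avoid: the user-controlled name is spliced into a shell
// command, so the shell interprets any metacharacters the name contains.
function createDirUnsafe(string $name): void
{
    system("mkdir " . $name);          // DO NOT USE
}

// Preferred pattern: call the language API directly. No shell is involved,
// so characters in $name are only ever part of a path. Input validation is
// still applied (no separators, no ".."), but it is defence in depth, not
// the only control.
function createDirSafe(string $baseDir, string $name): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        throw new InvalidArgumentException('invalid directory name');
    }
    $path = $baseDir . DIRECTORY_SEPARATOR . $name;
    if (!is_dir($path) && !mkdir($path, 0750, false)) {
        throw new RuntimeException('could not create directory');
    }
    return $path;
}

// 2. Including a file chosen by the user.
//
// Pattern to avoid: include() on user input lets the request select which
// local file (or, with allow_url_include on, which remote file) is loaded.
function loadPageUnsafe(string $page): void
{
    include($page . '.php');           // DO NOT USE
}

// Preferred pattern: the user supplies a lookup key, never a path. The key
// is resolved against a fixed allowlist of local files; anything not listed
// resolves to null and is refused.
const PAGE_ALLOWLIST = [
    'home'    => __DIR__ . '/pages/home.php',     // assumed paths
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolvePage(string $page): ?string
{
    return PAGE_ALLOWLIST[$page] ?? null;
}

function loadPageSafe(string $page): void
{
    $file = resolvePage($page);
    if ($file === null) {
        http_response_code(404);       // unknown key: refuse, do not guess
        return;
    }
    include $file;
}

// Usage (e.g. from a request parameter, assumed to be named "page"):
//   resolvePage('about')  -> the allowlisted about.php path
//   resolvePage('../x')   -> null, so loadPageSafe() returns a 404
```

Because the allowlist maps keys to complete local paths, the remote-file and path-traversal cases never reach include() at all, which is the property the text asks for: the program decides which files can be included, and the user only picks among them.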
You should implement strong input validation for input passed into dangerous functions like eval() or include(). But this technique cannot be relied on as the only form of protection, because attackers are constantly coming up with inventive methods to bypass input validation.
Finally, stay up-to-date with patches so that your application’s dependencies don’t introduce RCE vulnerabilities. An application’s dependencies, such as open source packages and components, often introduce vulnerabilities into an application; compromising an application through a vulnerable dependency is also called a software supply chain attack.
You can also deploy a web application firewall (WAF) to block suspicious attacks. Besides preventing RCEs, this could also help prevent some of the vulnerabilities I’ve discussed earlier in this book, such as SQL injection and XSS.
If an attacker does achieve RCE on a machine, how could you minimize the harm they can cause? The principle of least privilege states that applications and processes should be granted only the privileges required to complete their tasks. It is a best practice that lowers the risk of system compromise during an attack because attackers won’t be able to gain access to sensitive files and operations even if they compromise a low-privileged user or process. For example, when a web application requires only read access to a file, it shouldn’t be granted any writing or execution permissions. That’s because, if an attacker hijacks an application that runs with high privilege, the attacker can gain its permissions.
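One concrete way to apply the least-privilege idea to the PHP process itself, as an added example that is not from the book: a php.ini fragment that removes the command-execution functions, confines file access to the application’s own directories, and turns off remote file inclusion. The directory paths are placeholders chosen for illustration; the directives are standard php.ini settings.

```ini
; Added example (not from the book). Directory paths are placeholders.

; Remove the functions that spawn system commands. If an attacker does
; achieve code execution, the compromised process cannot call them.
; (PHP_INI_SYSTEM: must be set here, not from application code.)
disable_functions = system,exec,shell_exec,passthru,proc_open,popen

; Confine file reads and writes to the application tree, the upload area
; and a temp directory, so arbitrary system files are out of reach.
open_basedir = /var/www/app/:/var/www/uploads/:/tmp/

; Refuse include/require of remote files, matching the file-inclusion
; advice above.
allow_url_include = Off
allow_url_fopen = Off
```

These settings limit what a hijacked PHP process can do; they complement, rather than replace, the OS-level measures the text describes: running the PHP-FPM pool as a dedicated low-privileged user (the pool’s `user` and `group` directives) and giving that user read-only access to the application’s source files.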