Layer7 API Management

Expand all | Collapse all

Is it possible to run OS commands in api gateway policy?

Jump to Best Answer
  • 1.  Is it possible to run OS commands in api gateway policy?

    Posted 09-25-2018 05:33 PM

    Is it possible to run OS commands in api gateway policy, assertion, or fragment?



  • 2.  Re: Is it possible to run OS commands in api gateway policy?

    Posted 09-25-2018 07:10 PM

    Dear Victor,

    I don't think it's supported.

    And I don't think the gateway will intend to support it - as per my understanding, supporting OS command will lead to command injection vulnerability. Keep in mind that the gateway is a security product.

     

    Regards,

    Mark



  • 3.  Re: Is it possible to run OS commands in api gateway policy?
    Best Answer

    Posted 09-26-2018 06:12 AM

    There is a tactical assertion called SSHCommand. Please raise a support case with CA support to get this assertion. As Mark said, this is a high risk vulnerability. The gateway will have no control on what commands are run. 



  • 4.  Re: Is it possible to run OS commands in api gateway policy?

    Posted 09-26-2018 09:30 AM

    Thanks for the reply.