Merge pull request #767 from Stirling-Tools/pixeebot/drip-2024-02-01-pixee-java/harden-process-creation

Introduced protections against system command injection

src/main/java/stirling/software/SPDF/LibreOfficeListener.java

@@ -1,5 +1,6 @@
 package stirling.software.SPDF;
 
+import io.github.pixee.security.SystemCommand;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
@@ -44,7 +45,7 @@ public class LibreOfficeListener {
         }
 
         // Start the listener process
-        process = Runtime.getRuntime().exec("unoconv --listener");
+        process = SystemCommand.runCommand(Runtime.getRuntime(), "unoconv --listener");
         lastActivityTime = System.currentTimeMillis();
 
         // Start a background thread to monitor the activity timeout

src/main/java/stirling/software/SPDF/SPdfApplication.java

@@ -1,5 +1,6 @@
 package stirling.software.SPDF;
 
+import io.github.pixee.security.SystemCommand;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.Collections;
@@ -34,7 +35,7 @@ public class SPdfApplication {
                 Runtime rt = Runtime.getRuntime();
                 if (os.contains("win")) {
                     // For Windows
-                    rt.exec("rundll32 url.dll,FileProtocolHandler " + url);
+                    SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
                 }
             } catch (Exception e) {
                 e.printStackTrace();