Merge pull request #767 from Stirling-Tools/pixeebot/drip-2024-02-01-pixee-java/harden-process-creation
Introduced protections against system command injection
commit
271906097d
2 changed files with 4 additions and 2 deletions
|
@ -1,5 +1,6 @@
|
|||
package stirling.software.SPDF;
|
||||
|
||||
import io.github.pixee.security.SystemCommand;
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.Socket;
|
||||
|
@ -44,7 +45,7 @@ public class LibreOfficeListener {
|
|||
}
|
||||
|
||||
// Start the listener process
|
||||
process = Runtime.getRuntime().exec("unoconv --listener");
|
||||
process = SystemCommand.runCommand(Runtime.getRuntime(), "unoconv --listener");
|
||||
lastActivityTime = System.currentTimeMillis();
|
||||
|
||||
// Start a background thread to monitor the activity timeout
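Review bot: The command passed at `process = SystemCommand.runCommand(Runtime.getRuntime(), "unoconv --listener");` is a fixed literal, so the wrapper has no untrusted input to screen here; the call still tokenizes a single string and resolves `unoconv` through the service's PATH. An explicit argument vector would remove the string parsing: `process = new ProcessBuilder("unoconv", "--listener").start();`. If the wrapper is kept so that all process creation goes through one audited call, a short comment saying so (`// constant command; routed through SystemCommand for uniform process-creation policy`) would record the reason. The enclosing method starts and ends outside the hunk, so how an exception from the wrapper is handled cannot be checked from here.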
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
package stirling.software.SPDF;
|
||||
|
||||
import io.github.pixee.security.SystemCommand;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.Collections;
|
||||
|
@ -34,7 +35,7 @@ public class SPdfApplication {
|
|||
Runtime rt = Runtime.getRuntime();
|
||||
if (os.contains("win")) {
|
||||
// For Windows
|
||||
rt.exec("rundll32 url.dll,FileProtocolHandler " + url);
|
||||
SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
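Review bot: The new call `SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);` still builds the command by string concatenation, so `url` is split on whitespace into separate arguments before the process is created, and the wrapper's checks are applied to that concatenated string rather than to a fixed argument list. Where `url` comes from is outside the hunk; if it can be influenced by configuration or environment, passing it as a single argument is the stronger fix: `new ProcessBuilder("rundll32", "url.dll,FileProtocolHandler", url).start();`. A scheme check before launching (accept only `http`/`https`) would also be worth adding. A rejection from the wrapper would presumably land in the existing `catch (Exception e)` and only be printed via `e.printStackTrace()`, so a blocked launch would be easy to miss; logging it through the application's logger would make it visible.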
|
||||
|
|