Introduced protections against system command injection

This commit is contained in:
pixeebot[bot] 2024-02-01 23:18:24 +00:00
parent 6105451e08
commit 91caa2a097
2 changed files with 4 additions and 2 deletions

View file

@ -1,5 +1,6 @@
package stirling.software.SPDF;
import io.github.pixee.security.SystemCommand;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
@ -44,7 +45,7 @@ public class LibreOfficeListener {
}
// Start the listener process
process = Runtime.getRuntime().exec("unoconv --listener");
process = SystemCommand.runCommand(Runtime.getRuntime(), "unoconv --listener");
lastActivityTime = System.currentTimeMillis();
// Start a background thread to monitor the activity timeout

View file

@ -1,5 +1,6 @@
package stirling.software.SPDF;
import io.github.pixee.security.SystemCommand;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Collections;
@ -34,7 +35,7 @@ public class SPdfApplication {
Runtime rt = Runtime.getRuntime();
if (os.contains("win")) {
// For Windows
rt.exec("rundll32 url.dll,FileProtocolHandler " + url);
SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
}
} catch (Exception e) {
e.printStackTrace();