From 91caa2a097f5784d7a501c9f40da8345841ca659 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <23113631+pixeebot@users.noreply.github.com>
Date: Thu, 1 Feb 2024 23:18:24 +0000
Subject: [PATCH] Introduced protections against system command injection
---
 src/main/java/stirling/software/SPDF/LibreOfficeListener.java | 3 ++-
 src/main/java/stirling/software/SPDF/SPdfApplication.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
index 6d32adc3..d8196dcd 100644
--- a/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
+++ b/src/main/java/stirling/software/SPDF/LibreOfficeListener.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF;
+import io.github.pixee.security.SystemCommand;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
@@ -44,7 +45,7 @@ public class LibreOfficeListener {
 }
 // Start the listener process
- process = Runtime.getRuntime().exec("unoconv --listener");
+ process = SystemCommand.runCommand(Runtime.getRuntime(), "unoconv --listener");
 lastActivityTime = System.currentTimeMillis();
 // Start a background thread to monitor the activity timeout
diff --git a/src/main/java/stirling/software/SPDF/SPdfApplication.java b/src/main/java/stirling/software/SPDF/SPdfApplication.java
index 7388b5e4..8cdcc701 100644
--- a/src/main/java/stirling/software/SPDF/SPdfApplication.java
+++ b/src/main/java/stirling/software/SPDF/SPdfApplication.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF;
+import io.github.pixee.security.SystemCommand;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.Collections;
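Review bot: The new import `io.github.pixee.security.SystemCommand` in LibreOfficeListener.java (and the identical import in SPdfApplication.java) needs a library on the classpath, but the diffstat lists only the two Java files, so unless that dependency is already declared in the build file this patch will not compile. In the `@@ -44,7 +45,7 @@` hunk the command `"unoconv --listener"` is a fixed literal with no external input, so the wrapper mainly adds a dependency there. The argument-array form `process = new ProcessBuilder("unoconv", "--listener").start();` avoids string tokenisation with the standard library alone. The enclosing method starts and ends outside the hunk.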
@@ -34,7 +35,7 @@ public class SPdfApplication {
 Runtime rt = Runtime.getRuntime();
 if (os.contains("win")) {
 // For Windows
- rt.exec("rundll32 url.dll,FileProtocolHandler " + url);
+ SystemCommand.runCommand(rt, "rundll32 url.dll,FileProtocolHandler " + url);
 }
 } catch (Exception e) {
 e.printStackTrace();
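Review bot: The Windows branch still concatenates `url` into a single command string, so argument boundaries are still decided by whitespace splitting rather than by the caller. Passing it as its own argument, `new ProcessBuilder("rundll32", "url.dll,FileProtocolHandler", url).start();`, fixes the boundary regardless of what the wrapper checks. Where `url` is built is outside the hunk, so confirm it comes only from trusted configuration. If the wrapper signals a rejected command by throwing (not visible here), the surrounding `catch (Exception e) { e.printStackTrace(); }` would only print it to stderr; routing it through the application's logger would make a blocked launch visible. The try block begins outside the hunk.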