From 450e090252d911970f5c580a2b6ae4e71ce1fdd9 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <23113631+pixeebot@users.noreply.github.com>
Date: Thu, 1 Feb 2024 23:01:04 +0000
Subject: [PATCH] Protect `readLine()` against DoS
---
 .../java/stirling/software/SPDF/utils/ProcessExecutor.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java b/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java
index 23311bde..f75367a7 100644
--- a/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java
+++ b/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;

+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
@@ -109,7 +110,7 @@ public class ProcessExecutor {
 process.getErrorStream(),
 StandardCharsets.UTF_8))) {
 String line;
- while ((line = errorReader.readLine()) != null) {
+ while ((line = BoundedLineReader.readLine(errorReader, 5_000_000)) != null) {
 errorLines.add(line);
 if (liveUpdates) logger.info(line);
 }
@@ -130,7 +131,7 @@ public class ProcessExecutor {
 process.getInputStream(),
 StandardCharsets.UTF_8))) {
 String line;
- while ((line = outputReader.readLine()) != null) {
+ while ((line = BoundedLineReader.readLine(outputReader, 5_000_000)) != null) {
 outputLines.add(line);
 if (liveUpdates) logger.info(line);
 }
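Review bot: The added `import io.github.pixee.security.BoundedLineReader;` brings a third-party class into the file, but the diffstat lists only ProcessExecutor.java, so no build-file change accompanies it. If the library is not already declared as a dependency the build will fail. If it is declared elsewhere, it is worth confirming that it is pinned to an exact version, because it now sits on the path that reads every child-process stream.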
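Review bot: Limiting one line to 5,000,000 characters does not bound what this loop keeps in memory, because every line is still appended to `errorLines` with no cap on the list. A child process that writes many short lines can therefore still exhaust the heap, and the same applies to `outputLines` in the next hunk. A total budget would close the gap while still draining the stream, for example `if (captured < MAX_CAPTURED_CHARS) { errorLines.add(line); captured += line.length(); }`. With `liveUpdates` set, each line of up to that length is also passed to `logger.info`, so log volume is bounded no better than the list.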
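Review bot: Nothing in this loop handles the case where a line exceeds the limit. If `BoundedLineReader.readLine` reports it with an unchecked exception (to be confirmed against the library's documentation), the loop ends, the stream is no longer drained, and a child that keeps writing may block on a full pipe. The enclosing try and its catch clauses lie outside the hunk, so whether that case is caught cannot be seen here; the `errorReader` loop in the previous hunk is affected equally. The limit would also read better as a single named constant, `private static final int MAX_LINE_CHARS = 5_000_000;`, than as a literal repeated in both loops.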