Merge pull request #766 from Stirling-Tools/pixeebot/drip-2024-02-01-pixee-java/limit-readline

Protect `readLine()` against DoS
2024-11-17 12:40:11 +01:00 · 2024-02-01 23:05:22 +00:00 · 2024-02-01 23:05:22 +00:00 · 6105451e08
commit 6105451e08
parent 86635f85b4 450e090252
1 changed files with 3 additions and 2 deletions
--- a/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java
+++ b/src/main/java/stirling/software/SPDF/utils/ProcessExecutor.java
@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;
 import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
@ -109,7 +110,7 @@ public class ProcessExecutor {
                                                        process.getErrorStream(),
                                                        StandardCharsets.UTF_8))) {
                                    String line;
-                                    while ((line = errorReader.readLine()) != null) {
+                                    while ((line = BoundedLineReader.readLine(errorReader, 5_000_000)) != null) {
                                        errorLines.add(line);
                                        if (liveUpdates) logger.info(line);
                                    }
@ -130,7 +131,7 @@ public class ProcessExecutor {
                                                        process.getInputStream(),
                                                        StandardCharsets.UTF_8))) {
                                    String line;
-                                    while ((line = outputReader.readLine()) != null) {
+                                    while ((line = BoundedLineReader.readLine(outputReader, 5_000_000)) != null) {
                                        outputLines.add(line);
                                        if (liveUpdates) logger.info(line);
                                    }