Introduced protections against system command injection

nipundev · Sep 19, 2024 · 47e127d · 47e127d
1 parent 5a4b5fa
commit 47e127d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java b/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java
@@ -8,6 +8,7 @@
 
 package org.elasticsearch.gradle.reaper;
 
+import io.github.pixee.security.SystemCommand;
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.UncheckedIOException;
@@ -68,7 +69,7 @@ private void reap() {
                 String line = Files.readString(inputFile);
                 System.out.println("Running command: " + line);
                 String[] command = line.split(" ");
-                Process process = Runtime.getRuntime().exec(command);
+                Process process = SystemCommand.runCommand(Runtime.getRuntime(), command);
                 int ret = process.waitFor();
 
                 System.out.print("Stdout: ");

diff --git a/...tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java b/...tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java
@@ -12,6 +12,7 @@
 import com.sun.jna.Pointer;
 import com.sun.jna.WString;
 import com.sun.jna.ptr.IntByReference;
+import io.github.pixee.security.SystemCommand;
 
 import org.apache.lucene.tests.util.LuceneTestCase;
 import org.apache.lucene.util.Constants;
@@ -127,7 +128,7 @@ private static Pointer createPipe(String pipeName, boolean forWrite) throws IOEx
     }
 
     private static void createPipeUnix(String pipeName) throws IOException, InterruptedException {
-        if (Runtime.getRuntime().exec("mkfifo " + pipeName).waitFor() != 0) {
+        if (SystemCommand.runCommand(Runtime.getRuntime(), "mkfifo " + pipeName).waitFor() != 0) {
             throw new IOException("mkfifo failed for pipe " + pipeName);
         }
     }