From b0a29e71fd8f0853780e1312a98035e4a76fb3d3 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Wed, 1 Jan 2025 03:35:33 +0000
Subject: [PATCH] Introduced protections against system command injection
---
 .../src/main/java/org/elasticsearch/gradle/reaper/Reaper.java | 3 ++-
 .../xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java b/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java
index c2adaf59ead1b..2a8c0a1856384 100644
--- a/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java
+++ b/build-tools/reaper/src/main/java/org/elasticsearch/gradle/reaper/Reaper.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.gradle.reaper;
+import io.github.pixee.security.SystemCommand;
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.UncheckedIOException;
@@ -68,7 +69,7 @@ private void reap() {
 String line = Files.readString(inputFile);
 System.out.println("Running command: " + line);
 String[] command = line.split(" ");
- Process process = Runtime.getRuntime().exec(command);
+ Process process = SystemCommand.runCommand(Runtime.getRuntime(), command);
 int ret = process.waitFor();
 System.out.print("Stdout: ");
diff --git a/x-pack/plugin/ml/qa/no-bootstrap-tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java b/x-pack/plugin/ml/qa/no-bootstrap-tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java
index 59f909f972d2f..3580527c300b8 100644
--- a/x-pack/plugin/ml/qa/no-bootstrap-tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java
+++ b/x-pack/plugin/ml/qa/no-bootstrap-tests/src/test/java/org/elasticsearch/xpack/ml/utils/NamedPipeHelperNoBootstrapTests.java
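Review bot: The new `import io.github.pixee.security.SystemCommand;` in Reaper.java has no matching dependency declaration in this patch: the diffstat lists only the two .java files, so unless the library is already declared for `build-tools/reaper` elsewhere, the module will not compile. The same applies to the identical import added to NamedPipeHelperNoBootstrapTests.java. Adding a third-party library to a build tool also widens the supply chain, so the accompanying build change should pin the version, carry whatever dependency-verification entry the project uses, and be reviewed on its own merits.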
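Review bot: Wrapping the call in `SystemCommand.runCommand` does not move the trust boundary in `reap()`: the whole command line, executable included, is read from `inputFile`, and the array form of `exec` never passes through a shell, so the control that matters is who can write into the directory these files are read from. If that directory is trusted, the wrapper mainly adds a new failure path, because (as I understand the library) a cleanup command that trips one of its default restrictions is rejected rather than run; whether `reap()` handles that rejection is not visible in this hunk. I would either keep the plain `exec(command)` with a comment such as `// commands come from files the build itself wrote; the input directory must not be writable by other users`, or check `command[0]` against the small set of executables the reaper is expected to run. `reap()` starts and ends outside the hunk.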
@@ -12,6 +12,7 @@
 import com.sun.jna.Pointer;
 import com.sun.jna.WString;
 import com.sun.jna.ptr.IntByReference;
+import io.github.pixee.security.SystemCommand;
 import org.apache.lucene.tests.util.LuceneTestCase;
 import org.apache.lucene.util.Constants;
@@ -127,7 +128,7 @@ private static Pointer createPipe(String pipeName, boolean forWrite) throws IOEx
 }
 private static void createPipeUnix(String pipeName) throws IOException, InterruptedException {
- if (Runtime.getRuntime().exec("mkfifo " + pipeName).waitFor() != 0) {
+ if (SystemCommand.runCommand(Runtime.getRuntime(), "mkfifo " + pipeName).waitFor() != 0) {
 throw new IOException("mkfifo failed for pipe " + pipeName);
 }
 }
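Review bot: `"mkfifo " + pipeName` in `createPipeUnix` is still one concatenated string, so the single-string exec path splits it on whitespace and a pipe name containing a space becomes extra arguments to `mkfifo`; the wrapper does not change that. Passing the arguments separately removes the parsing step and needs no new library: `if (new ProcessBuilder("mkfifo", pipeName).start().waitFor() != 0) {`. This is test code and the callers of `createPipeUnix` are outside the hunk, so the name is presumably generated by the test itself, which makes this more a robustness fix than an injection fix.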