Merge pull request #766 from Stirling-Tools/pixeebot/drip-2024-02-01-pixee-java/limit-readline

Protect `readLine()` against DoS
Anthony Stirling 2024-02-01 23:05:22 +00:00 committed by GitHub
commit 6105451e08
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,5 +1,6 @@
package stirling.software.SPDF.utils; package stirling.software.SPDF.utils;
import io.github.pixee.security.BoundedLineReader;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
@ -109,7 +110,7 @@ public class ProcessExecutor {
process.getErrorStream(), process.getErrorStream(),
StandardCharsets.UTF_8))) { StandardCharsets.UTF_8))) {
String line; String line;
while ((line = errorReader.readLine()) != null) { while ((line = BoundedLineReader.readLine(errorReader, 5_000_000)) != null) {
errorLines.add(line); errorLines.add(line);
if (liveUpdates) logger.info(line); if (liveUpdates) logger.info(line);
} }
@ -130,7 +131,7 @@ public class ProcessExecutor {
process.getInputStream(), process.getInputStream(),
StandardCharsets.UTF_8))) { StandardCharsets.UTF_8))) {
String line; String line;
while ((line = outputReader.readLine()) != null) { while ((line = BoundedLineReader.readLine(outputReader, 5_000_000)) != null) {
outputLines.add(line); outputLines.add(line);
if (liveUpdates) logger.info(line); if (liveUpdates) logger.info(line);
} }
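Review bot: Both reader loops still append every line to `errorLines` / `outputLines` with no limit on line count or total characters, so the 5_000_000-character cap bounds one line but not the memory held per child process; a process that emits many shorter lines can still exhaust the heap. Consider capping what is retained, e.g. `if (errorLines.size() < MAX_CAPTURED_LINES) errorLines.add(line);` (where `MAX_CAPTURED_LINES` is a new constant, and likewise for `outputLines`), while continuing to read so the pipe keeps draining. The literal `5_000_000` appears in both loops and would be clearer as a single named constant with a comment explaining the chosen value. It is also worth confirming what the enclosing code does if `BoundedLineReader.readLine` rejects an over-long line: if the reader then stops, the child may block on a full pipe. The surrounding try blocks start and end outside these hunks, so this cannot be checked from here.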