Prevents command injections when opening links

d5cfdfb5 · Sergey Toshin · Skylot · 2e5d73a7 · d5cfdfb5
Commit d5cfdfb5 authored Apr 07, 2018 by Sergey Toshin Committed by Skylot Apr 08, 2018
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

Link.java jadx-gui/src/main/java/jadx/gui/utils/Link.java +9 -3

No files found.
--- a/jadx-gui/src/main/java/jadx/gui/utils/Link.java
+++ b/jadx-gui/src/main/java/jadx/gui/utils/Link.java
@@ -66,16 +66,22 @@ public class Link extends JLabel implements MouseListener {
 		try {
 			String os = System.getProperty("os.name").toLowerCase();
 			if (os.contains("win")) {
-				Runtime.getRuntime().exec("rundll32 url.dll,FileProtocolHandler " + url);
+				new ProcessBuilder()
+					.command(new String[] {"rundll32", "url.dll,FileProtocolHandler", url})
+					.start();
 				return;
 			}
 			if (os.contains("mac")) {
-				Runtime.getRuntime().exec("open " + url);
+				new ProcessBuilder()
+					.command(new String[] {"open", url})
+					.start();
 				return;
 			}
 			Map<String, String> env = System.getenv();
 			if (env.get("BROWSER") != null) {
-				Runtime.getRuntime().exec(env.get("BROWSER") + " " + url);
+				new ProcessBuilder()
+					.command(new String[] {env.get("BROWSER"), url})
+					.start();
 				return;
 			}
 		} catch (Exception e) {