diff --git a/backend/src/main/java/com/printcalculator/service/SlicerService.java b/backend/src/main/java/com/printcalculator/service/SlicerService.java index da782b4..186a241 100644 --- a/backend/src/main/java/com/printcalculator/service/SlicerService.java +++ b/backend/src/main/java/com/printcalculator/service/SlicerService.java @@ -92,8 +92,9 @@ public class SlicerService { // 3. Run slicer. Retry with arrange only for out-of-volume style failures. for (boolean useArrange : new boolean[]{false, true}) { // Build process arguments explicitly to avoid shell interpretation and command injection. - ProcessBuilder pb = new ProcessBuilder(trustedSlicerPath); + ProcessBuilder pb = new ProcessBuilder(); List command = pb.command(); + command.add(trustedSlicerPath); command.add("--load-settings"); command.add(machineProfilePath); command.add("--load-settings"); @@ -162,17 +163,17 @@ public class SlicerService { } public Optional inspectModelDimensions(File inputModel) { - Path tempDir = null; + Path tempDir = null; try { tempDir = Files.createTempDirectory("slicer_info_"); Path infoLogPath = tempDir.resolve("orcaslicer-info.log"); String inputModelPath = requireSafeArgument(inputModel.getAbsolutePath(), "input model path"); - ProcessBuilder pb = new ProcessBuilder( - trustedSlicerPath, - "--info", - inputModelPath - ); + ProcessBuilder pb = new ProcessBuilder(); + List infoCommand = pb.command(); + infoCommand.add(trustedSlicerPath); + infoCommand.add("--info"); + infoCommand.add(inputModelPath); pb.directory(tempDir.toFile()); pb.redirectErrorStream(true); pb.redirectOutput(infoLogPath.toFile());