JoeKung/print-calculator
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(deploy): fix security
Some checks failed
PR Checks / security-sast (pull_request) Failing after 29s
Details
PR Checks / test-backend (pull_request) Successful in 38s
Details
PR Checks / prettier-autofix (pull_request) Successful in 7s
Details

Browse Source
This commit is contained in:
Joe Küng
2026-03-03 13:12:27 +01:00
parent 958ec82ec1
commit a4c26ec912
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/src/main/java/com/printcalculator/service/SlicerService.java
View File

@@ -92,8 +92,9 @@ public class SlicerService {
// 3. Run slicer. Retry with arrange only for out-of-volume style failures. // 3. Run slicer. Retry with arrange only for out-of-volume style failures.
for (boolean useArrange : new boolean[]{false, true}) { for (boolean useArrange : new boolean[]{false, true}) {
// Build process arguments explicitly to avoid shell interpretation and command injection. // Build process arguments explicitly to avoid shell interpretation and command injection.
ProcessBuilder pb = new ProcessBuilder(trustedSlicerPath); ProcessBuilder pb = new ProcessBuilder();
List<String> command = pb.command(); List<String> command = pb.command();
command.add(trustedSlicerPath);
command.add("--load-settings"); command.add("--load-settings");
command.add(machineProfilePath); command.add(machineProfilePath);
command.add("--load-settings"); command.add("--load-settings");
@@ -162,17 +163,17 @@ public class SlicerService {
} }
public Optional<ModelDimensions> inspectModelDimensions(File inputModel) { public Optional<ModelDimensions> inspectModelDimensions(File inputModel) {
Path tempDir = null; Path tempDir = null;
try { try {
tempDir = Files.createTempDirectory("slicer_info_"); tempDir = Files.createTempDirectory("slicer_info_");
Path infoLogPath = tempDir.resolve("orcaslicer-info.log"); Path infoLogPath = tempDir.resolve("orcaslicer-info.log");
String inputModelPath = requireSafeArgument(inputModel.getAbsolutePath(), "input model path"); String inputModelPath = requireSafeArgument(inputModel.getAbsolutePath(), "input model path");
ProcessBuilder pb = new ProcessBuilder( ProcessBuilder pb = new ProcessBuilder();
trustedSlicerPath, List<String> infoCommand = pb.command();
"--info", infoCommand.add(trustedSlicerPath);
inputModelPath infoCommand.add("--info");
); infoCommand.add(inputModelPath);
pb.directory(tempDir.toFile()); pb.directory(tempDir.toFile());
pb.redirectErrorStream(true); pb.redirectErrorStream(true);
pb.redirectOutput(infoLogPath.toFile()); pb.redirectOutput(infoLogPath.toFile());