diff --git a/pom.xml b/pom.xml
index 1860ad2..c350ad3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,6 +15,7 @@
Demo project for Spring Boot
11
+ 1.1.3
@@ -27,6 +28,10 @@
spring-boot-starter-test
test
+
+ io.github.pixee
+ java-security-toolkit
+
@@ -37,5 +42,13 @@
-
+
+
+
+ io.github.pixee
+ java-security-toolkit
+ ${versions.java-security-toolkit}
+
+
+
diff --git a/src/main/java/com/contrast/commandinjection/ExampleApplication.java b/src/main/java/com/contrast/commandinjection/ExampleApplication.java
index 8db4366..6759694 100644
--- a/src/main/java/com/contrast/commandinjection/ExampleApplication.java
+++ b/src/main/java/com/contrast/commandinjection/ExampleApplication.java
@@ -1,5 +1,6 @@
package com.contrast.commandinjection;
+import io.github.pixee.security.SystemCommand;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.DeleteMapping;
@@ -36,7 +37,7 @@ public String processBuilder(@RequestParam String command) throws IOException {
@GetMapping("/exec")
public String exec(@RequestParam String command) throws IOException {
try {
- Process process = Runtime.getRuntime().exec(command);
+ Process process = SystemCommand.runCommand(Runtime.getRuntime(), command);
String result = new String(process.getInputStream().readAllBytes());
return String.format("%s", result);
} catch (Exception ex) {
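Review bot: The `command` request parameter still reaches process execution unchanged on the `SystemCommand.runCommand(Runtime.getRuntime(), command)` line, so `/exec` keeps running whatever executable the caller names. The toolkit wrapper only rejects input that matches its built-in restrictions (to my knowledge, command chaining and arguments that target sensitive files by default), which is hardening rather than a fix. If the endpoint has to exist, check the request against a fixed allowlist before the call, for example `if (!ALLOWED_COMMANDS.contains(command)) { return "command not allowed"; }`, where `ALLOWED_COMMANDS` is a placeholder name for a constant set this class would define. Separately, `new String(process.getInputStream().readAllBytes())` decodes with the platform default charset; passing `StandardCharsets.UTF_8` makes the output deterministic. The body of `exec` continues past the end of this hunk, so the catch handling is not visible here.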
@@ -79,4 +80,4 @@ public String exec(@RequestParam String command) throws IOException {
// }
// }
-}
\ No newline at end of file
+}