From b09012a6b36a943c064c65d5655937aac9fdf4fc Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Wed, 6 May 2026 08:02:45 +0000
Subject: [PATCH 1/4] fix: V-002 security vulnerability Automated security fix generated by Orbis Security AI
---
 .../src/main/java/com/iluwatar/pageobject/App.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
index aaf19fb0cee2..2e98241f1c11 100644
--- a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
+++ b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
@@ -78,7 +78,7 @@ public static void main(String[] args) {
 } else {
 // java Desktop not supported - above unlikely to work for Windows so try instead...
- Runtime.getRuntime().exec("cmd.exe start " + applicationFile);
+ Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", "start", applicationFile.getAbsolutePath()});
 }
 } catch (IOException ex) {
From d68c18bdd207bf8cfac6963f13441e12814c7301 Mon Sep 17 00:00:00 2001
From: OrbisAI Security
Date: Fri, 29 May 2026 16:38:28 +0530
Subject: [PATCH 2/4] adding cross-platform support
---
 .../src/main/java/com/iluwatar/pageobject/App.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
index 2e98241f1c11..7b07977d25cb 100644
--- a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
+++ b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
@@ -27,6 +27,7 @@
 import java.awt.Desktop;
 import java.io.File;
 import java.io.IOException;
+import java.util.Locale;
 import lombok.extern.slf4j.Slf4j;
 /**
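Review bot: In PATCH 1/4 the new `exec(new String[]{"cmd.exe", "/c", "start", ...})` call still routes the path through `cmd.exe`, so the array form only stops Java from splitting the string; cmd re-parses the resulting command line, and its metacharacters in the path would still be interpreted. `start` also treats a first quoted argument as the window title, so a path that Java quotes (for example one containing a space) would open a titled console instead of the file; passing an explicit empty title avoids that: `new String[] {"cmd.exe", "/c", "start", "\"\"", applicationFile.getAbsolutePath()}`. `applicationFile` is built outside this hunk, so how much of its path is outside the application's control cannot be judged from here. The same argument list is carried into the `ProcessBuilder` calls of PATCH 2/4, 3/4 and 4/4.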
@@ -77,8 +78,17 @@ public static void main(String[] args) {
 Desktop.getDesktop().open(applicationFile);
 } else {
- // java Desktop not supported - above unlikely to work for Windows so try instead...
- Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", "start", applicationFile.getAbsolutePath()});
+ // java Desktop not supported - use ProcessBuilder for cross-platform support
+ var os = System.getProperty("os.name").toLowerCase(Locale.ROOT);
+ ProcessBuilder pb;
+ if (os.contains("win")) {
+ pb = new ProcessBuilder("cmd.exe", "/c", "start", applicationFile.getAbsolutePath());
+ } else if (os.contains("mac")) {
+ pb = new ProcessBuilder("open", applicationFile.getAbsolutePath());
+ } else {
+ pb = new ProcessBuilder("xdg-open", applicationFile.getAbsolutePath());
+ }
+ pb.start();
 }
 } catch (IOException ex) {
From db3f0c6357586b57a0e133040ba9857e4cbabc99 Mon Sep 17 00:00:00 2001
From: OrbisAI Security
Date: Fri, 29 May 2026 19:11:16 +0530
Subject: [PATCH 3/4] fixing sonarqube hotspots
---
 .../src/main/java/com/iluwatar/pageobject/App.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
index 7b07977d25cb..4cbcd1bb9980 100644
--- a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
+++ b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
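Review bot: `pb.start();` at the end of the new `else` branch discards the returned `Process`, so the launcher's stdout/stderr pipes are never read or redirected and a non-zero exit from `start`, `open` or `xdg-open` is not reported. Redirecting the streams keeps the child from blocking on a full pipe, e.g. `pb.redirectErrorStream(true).redirectOutput(ProcessBuilder.Redirect.DISCARD).start();`. The branch is also chosen by substring matches on `os.name`, and every system that is neither Windows nor macOS falls through to `xdg-open`; a short comment saying that the last branch is a best-effort default would help. `main` begins and ends outside this hunk.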
@@ -78,15 +78,18 @@ public static void main(String[] args) {
 Desktop.getDesktop().open(applicationFile);
 } else {
- // java Desktop not supported - use ProcessBuilder for cross-platform support
+ // Use absolute paths to avoid PATH injection vulnerabilities (SonarQube S5304)
 var os = System.getProperty("os.name").toLowerCase(Locale.ROOT);
 ProcessBuilder pb;
 if (os.contains("win")) {
- pb = new ProcessBuilder("cmd.exe", "/c", "start", applicationFile.getAbsolutePath());
+ // Standard Windows location since Windows NT
+ pb = new ProcessBuilder("C:\\Windows\\System32\\cmd.exe", "/c", "start", applicationFile.getAbsolutePath());
 } else if (os.contains("mac")) {
- pb = new ProcessBuilder("open", applicationFile.getAbsolutePath());
+ // Standard macOS location for 'open' command
+ pb = new ProcessBuilder("/usr/bin/open", applicationFile.getAbsolutePath());
 } else {
- pb = new ProcessBuilder("xdg-open", applicationFile.getAbsolutePath());
+ // Standard Linux desktop location for xdg-open
+ pb = new ProcessBuilder("/usr/bin/xdg-open", applicationFile.getAbsolutePath());
 }
 pb.start();
 }
From 23814e19a59b8966b0bf36c665c64527e65b83c2 Mon Sep 17 00:00:00 2001
From: OrbisAI Security
Date: Fri, 29 May 2026 21:22:15 +0530
Subject: [PATCH 4/4] fixing the formating for java windows
---
 .../src/main/java/com/iluwatar/pageobject/App.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
index 4cbcd1bb9980..83667c6c8527 100644
--- a/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
+++ b/page-object/sample-application/src/main/java/com/iluwatar/pageobject/App.java
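Review bot: The Windows branch in PATCH 3/4 now hard-codes `C:\\Windows\\System32\\cmd.exe`, which only resolves when Windows is installed under `C:\Windows`, and `/usr/bin/xdg-open` is likewise not guaranteed on every Linux layout; on other layouts `pb.start()` throws and the file is never opened. The comments should say that these are default locations rather than guaranteed ones, e.g. `// Default install location; start() fails with IOException elsewhere`, and the replaced comment's reason for the branch ("java Desktop not supported") is worth keeping next to the new one. The rule id cited in the new comment should be double-checked: as far as I recall, S5304 is Sonar's environment-variable hotspot and the PATH-lookup one is S4036.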
@@ -83,7 +83,12 @@ public static void main(String[] args) {
 ProcessBuilder pb;
 if (os.contains("win")) {
 // Standard Windows location since Windows NT
- pb = new ProcessBuilder("C:\\Windows\\System32\\cmd.exe", "/c", "start", applicationFile.getAbsolutePath());
+ pb =
+ new ProcessBuilder(
+ "C:\\Windows\\System32\\cmd.exe",
+ "/c",
+ "start",
+ applicationFile.getAbsolutePath());
 } else if (os.contains("mac")) {
 // Standard macOS location for 'open' command
 pb = new ProcessBuilder("/usr/bin/open", applicationFile.getAbsolutePath());