Bug fix#3 command injection

bhargavssbt38 · Nov 13, 2018 · 98afb44 · 98afb44
1 parent 92f8c85
commit 98afb44
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/api/src/test/java/org/openmrs/test/MigrateDataSet.java b/api/src/test/java/org/openmrs/test/MigrateDataSet.java
@@ -182,8 +182,14 @@ private static String execMysqlCmd(String cmd, String sourceFile, boolean includ
 			// file system permission issue.
 			// Could not create lcab.tmp file in default working directory
 			// (jmiranda).
-			Process p = (wd != null) ? Runtime.getRuntime().exec(cmds, null, wd) : Runtime.getRuntime().exec(cmds);
-
+			 if(Process p = (wd != null)){
+				 final List<String> blkList = Arrays.asList("command1","command2","command3");
+				 final List<String> whiList = Arrays.asList("command11","command22","command33");
+			     if(whilist.contains(cmds))
+					 Runtime.getRuntime().exec(cmds,null,wd);
+				 else if(blkList.contains(cmds))
+					 Runtime.getRuntime().exec(cmds);
+		     }		 
 			// get the stdout
 			out.append("Normal cmd output:\n");
 			Reader reader = new InputStreamReader(p.getInputStream());