Null injection hardening (Rework)

Moves the ensureNoNullCharacters() out of the constructors and in to run() and start(). Since it is possible to mutate the list returned by NuProcessBuilder.command() a constructor only based approach to validation is insufficient to catch all cases.
brettwooldridge · Sep 19, 2022 · fabf505 · fabf505
1 parent d4005b6
commit fabf505
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/src/main/java/com/zaxxer/nuprocess/NuProcessBuilder.java b/src/main/java/com/zaxxer/nuprocess/NuProcessBuilder.java
@@ -107,7 +107,6 @@ public NuProcessBuilder(List<String> commands, Map<String, String> environment)
       if (commands == null || commands.isEmpty()) {
          throw new IllegalArgumentException("List of commands may not be null or empty");
       }
-      ensureNoNullCharacters(commands);
 
       this.environment = new TreeMap<String, String>(environment);
       this.command = new ArrayList<String>(commands);
@@ -127,7 +126,6 @@ public NuProcessBuilder(List<String> commands)
       if (commands == null || commands.isEmpty()) {
          throw new IllegalArgumentException("List of commands may not be null or empty");
       }
-      ensureNoNullCharacters(commands);
 
       this.environment = new TreeMap<String, String>(System.getenv());
       this.command = new ArrayList<String>(commands);
@@ -146,11 +144,9 @@ public NuProcessBuilder(String... commands)
       if (commands == null || commands.length == 0) {
          throw new IllegalArgumentException("List of commands may not be null or empty");
       }
-      List<String> commandsList = Arrays.asList(commands);
-      ensureNoNullCharacters(commandsList);
 
       this.environment = new TreeMap<String, String>(System.getenv());
-      this.command = new ArrayList<String>(commandsList);
+      this.command = new ArrayList<String>(Arrays.asList(commands));
    }
 
    /**
@@ -257,6 +253,7 @@ public void setCwd(Path cwd)
     */
    public NuProcess start()
    {
+      ensureNoNullCharacters(command);
       ensureListener();
       String[] env = prepareEnvironment();
 
@@ -271,6 +268,7 @@ public NuProcess start()
     */
    public void run()
    {
+      ensureNoNullCharacters(command);
       ensureListener();
       String[] env = prepareEnvironment();