From d5cfdfb50dfb38a65f1709cfadc1628ff32e546d Mon Sep 17 00:00:00 2001
From: Sergey Toshin <bugi@Sergeys-MacBook-Pro.local>
Date: Sat, 7 Apr 2018 22:28:58 +0300
Subject: [PATCH] Prevents command injections when opening links

---
 jadx-gui/src/main/java/jadx/gui/utils/Link.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/jadx-gui/src/main/java/jadx/gui/utils/Link.java b/jadx-gui/src/main/java/jadx/gui/utils/Link.java
index 5cc2fef26..f306dbc01 100644
--- a/jadx-gui/src/main/java/jadx/gui/utils/Link.java
+++ b/jadx-gui/src/main/java/jadx/gui/utils/Link.java
@@ -66,16 +66,22 @@ public class Link extends JLabel implements MouseListener {
 		try {
 			String os = System.getProperty("os.name").toLowerCase();
 			if (os.contains("win")) {
-				Runtime.getRuntime().exec("rundll32 url.dll,FileProtocolHandler " + url);
+				new ProcessBuilder()
+					.command(new String[] {"rundll32", "url.dll,FileProtocolHandler", url})
+					.start();
 				return;
 			}
 			if (os.contains("mac")) {
-				Runtime.getRuntime().exec("open " + url);
+				new ProcessBuilder()
+					.command(new String[] {"open", url})
+					.start();
 				return;
 			}
 			Map<String, String> env = System.getenv();
 			if (env.get("BROWSER") != null) {
-				Runtime.getRuntime().exec(env.get("BROWSER") + " " + url);
+				new ProcessBuilder()
+					.command(new String[] {env.get("BROWSER"), url})
+					.start();
 				return;
 			}
 		} catch (Exception e) {