remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: replace shell_exec/exec with Process facade for security

Browse Source
This commit is contained in:
root
2026-05-23 17:14:38 +02:00
parent 14a40b9bb2
commit 2d5f018ff1
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Console/Commands/DDoSDetectionCommand.php
+3 -4
View File
@@ -8,6 +8,7 @@ use App\Services\AlertService;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Process;
class DDoSDetectionCommand extends Command
{
@@ -166,8 +167,7 @@ class DDoSDetectionCommand extends Command
}
try {
$escapedIp = escapeshellarg($ip);
exec("iptables -A INPUT -s {$escapedIp} -j DROP 2>/dev/null");
Process::run(['iptables', '-A', 'INPUT', '-s', $ip, '-j', 'DROP']);
Log::warning("IP blocked due to DDoS detection: {$ip}");
$this->warn("IP {$ip} geblokkeerd via iptables.");
} catch (\Exception $e) {
@@ -209,7 +209,6 @@ class DDoSDetectionCommand extends Command
$blocked = array_filter($blocked, fn ($blockedIp) => $blockedIp !== $ip);
Cache::put(self::CACHE_KEY_BLOCKED_IPS, array_values($blocked), 3600);
$escapedIp = escapeshellarg($ip);
exec("iptables -D INPUT -s {$escapedIp} -j DROP 2>/dev/null");
Process::run(['iptables', '-D', 'INPUT', '-s', $ip, '-j', 'DROP']);
}
}