remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: replace shell_exec/exec with Process facade for security

Browse Source
This commit is contained in:
root
2026-05-23 17:14:38 +02:00
parent 14a40b9bb2
commit 2d5f018ff1
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Console/Commands/DDoSDetectionCommand.php
+3 -4
View File
@@ -8,6 +8,7 @@ use App\Services\AlertService;
use Illuminate\Console\Command; use Illuminate\Console\Command;
use Illuminate\Support\Facades\Cache; use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Process;
class DDoSDetectionCommand extends Command class DDoSDetectionCommand extends Command
{ {
@@ -166,8 +167,7 @@ class DDoSDetectionCommand extends Command
} }
try { try {
$escapedIp = escapeshellarg($ip); Process::run(['iptables', '-A', 'INPUT', '-s', $ip, '-j', 'DROP']);
exec("iptables -A INPUT -s {$escapedIp} -j DROP 2>/dev/null");
Log::warning("IP blocked due to DDoS detection: {$ip}"); Log::warning("IP blocked due to DDoS detection: {$ip}");
$this->warn("IP {$ip} geblokkeerd via iptables."); $this->warn("IP {$ip} geblokkeerd via iptables.");
} catch (\Exception $e) { } catch (\Exception $e) {
@@ -209,7 +209,6 @@ class DDoSDetectionCommand extends Command
$blocked = array_filter($blocked, fn ($blockedIp) => $blockedIp !== $ip); $blocked = array_filter($blocked, fn ($blockedIp) => $blockedIp !== $ip);
Cache::put(self::CACHE_KEY_BLOCKED_IPS, array_values($blocked), 3600); Cache::put(self::CACHE_KEY_BLOCKED_IPS, array_values($blocked), 3600);
$escapedIp = escapeshellarg($ip); Process::run(['iptables', '-D', 'INPUT', '-s', $ip, '-j', 'DROP']);
exec("iptables -D INPUT -s {$escapedIp} -j DROP 2>/dev/null");
} }
} }
app/Filament/Pages/Monitoring/AlertSettings.php
+3 -3
View File
@@ -1406,9 +1406,9 @@ final class AlertSettings extends Page implements HasForms
{ {
try { try {
$load = sys_getloadavg(); $load = sys_getloadavg();
$cpuCount = (int) shell_exec('nproc 2>/dev/null') ?: 1; $cpuCount = (int) Process::run('nproc 2>/dev/null')->output() ?: 1;
$memoryUsage = shell_exec("free -m | awk '/Mem:/ {printf \"%d%% (%dMB / %dMB)\", $3/$2*100, $3, $2}'"); $memoryUsage = Process::run("free -m | awk '/Mem:/ {printf \"%d%% (%dMB / %dMB)\", $3/$2*100, $3, $2}'")->output();
$diskUsage = shell_exec("df -h / | awk 'NR==2 {print $5 \" used\"}'"); $diskUsage = Process::run("df -h / | awk 'NR==2 {print $5 \" used\"}'")->output();
$html = '<div class="text-sm space-y-1">'; $html = '<div class="text-sm space-y-1">';
$html .= '<div><span class="text-gray-400">CPU Load:</span> <span class="text-green-400">' . $load[0] . '</span> (' . $cpuCount . ' cores)</div>'; $html .= '<div><span class="text-gray-400">CPU Load:</span> <span class="text-green-400">' . $load[0] . '</span> (' . $cpuCount . ' cores)</div>';