Merge pull request #2940 from mRemoteNG/fix/aikido-security-sast-8815714-tnsC

[Aikido] AI Fix for Possible command injection via Process.Start
2026-02-17 22:11:48 +08:00 · 2025-10-18 21:31:15 +01:00
parent 493ddc1f1f 8e5cdcb6e5
commit 39b863b57e
1 changed files with 2 additions and 1 deletions
--- a/mRemoteNG/Tools/ExternalTool.cs
+++ b/mRemoteNG/Tools/ExternalTool.cs
@@ -156,7 +156,8 @@ namespace mRemoteNG.Tools
            ExternalToolArgumentParser argParser = new(startConnectionInfo);
            process.StartInfo.UseShellExecute = true;
            process.StartInfo.FileName = argParser.ParseArguments(FileName);
-            process.StartInfo.Arguments = argParser.ParseArguments(Arguments);
+            var parsedArgs = argParser.ParseArguments(Arguments).Split(' ');
+            process.StartInfo.ArgumentList.AddRange(parsedArgs);
            if (WorkingDir != "") process.StartInfo.WorkingDirectory = argParser.ParseArguments(WorkingDir);
            if (RunElevated) process.StartInfo.Verb = "runas";
        }