diff --git a/clouddriver-kubernetes/src/integration/java/com/netflix/spinnaker/clouddriver/kubernetes/it/containers/KubernetesCluster.java b/clouddriver-kubernetes/src/integration/java/com/netflix/spinnaker/clouddriver/kubernetes/it/containers/KubernetesCluster.java index d8d086a205b..3486a679911 100644 --- a/clouddriver-kubernetes/src/integration/java/com/netflix/spinnaker/clouddriver/kubernetes/it/containers/KubernetesCluster.java +++ b/clouddriver-kubernetes/src/integration/java/com/netflix/spinnaker/clouddriver/kubernetes/it/containers/KubernetesCluster.java @@ -108,9 +108,13 @@ public String execKubectl(String args, Map manifest) String json = manifestToJson(manifest); ProcessBuilder builder = new ProcessBuilder(); List cmd = new ArrayList<>(); - cmd.add("sh"); - cmd.add("-c"); - cmd.add(KUBECTL_PATH + " --kubeconfig=" + KUBECFG_PATH + " " + args); + cmd.add(KUBECTL_PATH.toString()); + cmd.add("--kubeconfig=" + KUBECFG_PATH.toString()); + // Split args on whitespace and add each argument separately to avoid shell injection + if (args != null && !args.trim().isEmpty()) { + String[] argArray = args.trim().split("\\s+"); + cmd.addAll(Arrays.asList(argArray)); + } builder.command(cmd); builder.redirectErrorStream(true); Process process = builder.start(); @@ -193,9 +197,12 @@ private void createCluster() throws IOException, InterruptedException { private String runKindCmd(String args) throws IOException, InterruptedException { ProcessBuilder builder = new ProcessBuilder(); List cmd = new ArrayList<>(); - cmd.add("sh"); - cmd.add("-c"); - cmd.add(Paths.get(IT_BUILD_HOME.toString(), "kind") + " " + args); + cmd.add(Paths.get(IT_BUILD_HOME.toString(), "kind").toString()); + // Split args on whitespace and add each argument separately to avoid shell injection + if (args != null && !args.trim().isEmpty()) { + String[] argArray = args.trim().split("\\s+"); + cmd.addAll(Arrays.asList(argArray)); + } builder.command(cmd); builder.redirectErrorStream(true); Process process = builder.start();