This is an automated email from the ASF dual-hosted git repository. glauesppen pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/incubator-wayang.git
commit afd732aa195e1d09dd9f656c418d14cabcc8fd6f Author: Alexander Alten <[email protected]> AuthorDate: Thu Aug 17 11:44:31 2023 +0200 Update Grep.java split the command and its arguments into separate strings, ensuring that the output variable is passed as a single argument to the rm command, regardless of its content. Avoids arbitrary command execution. --- .../code/main/java/org/apache/wayang/apps/grep/Grep.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java b/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java index fe59312e..9ece8ab8 100644 --- a/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java +++ b/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java @@ -104,10 +104,8 @@ public class Grep implements Serializable { String input = args[2]+"/python/src/pywy/tests/resources/10e"+size+"MB.input"; String output = args[2]+"/lala.out"; - String command = "rm -r "+output; - Runtime rt = Runtime.getRuntime(); - Process process = rt.exec(new String[] { - (command)}); + String[] command = {"rm", "-r", output}; + Process process = Runtime.getRuntime().exec(command); long pre = System.currentTimeMillis(); switch (platform){
