Hi Roger,

I'm trying the following (ugly) code on JDK 17/Win, where Args.exe does nothing other than write out its argv[], redirecting to a log file.

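import java.io.File;
import java.io.IOException;

public class EmptyArgs {
    public static void main(String[] args) throws IOException, InterruptedException {
        // Arguments 1, 3 and 5 are deliberately empty strings.
        String[] command = {
                "C:\\Users\\alpha\\Args.exe",
                "",
                "a",
                "",
                "b",
                "",
        };
        var processBuilder = new ProcessBuilder(command);
        // Args.exe writes its argv[] to stdout, which is captured in the log file.
        processBuilder.redirectOutput(new File("C:\\Users\\alpha\\my.log"));
        var process = processBuilder.start();
        Thread.sleep(2_000);
        System.out.println("process.exitValue() = " + process.exitValue());
    }
}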


Here's the log file

argv[0] = [C:\Users\alpha\Args.exe]
argv[1] = []
argv[2] = [a]
argv[3] = []
argv[4] = [b]
argv[5] = []

so empty args seem to work correctly, at least in this plain example.

Have you specific examples that behave incorrectly?
I'm asking because I'd like to set up a simple set of rules to solve the issue on Windows altogether.





On 2022-01-28 16:48, Roger Riggs wrote:
Hi Raffaello,

For .exe executables, one example is an empty string in the list of arguments to ProcessBuilder. The empty string is not visible in the generated command line. For position-sensitive commands, it appears the argument is dropped. An argument in ProcessBuilder with mismatched quotes can cause the argument to be joined with the next in the generated command line. A stray "\" at the end of an argument can cause the following character to be quoted, possibly joining the argument with the next.

For .cmd executables, cmd.exe interprets more characters as argument separators and will split arguments. For example, an argument with a semicolon or comma (unquoted) will be split into two arguments when parsed by cmd.exe. The goal is to improve the integrity and robustness of the command encoding.

Thanks, Roger


On 1/28/22 4:07 AM, Raffaello Giulietti wrote:
Hello,

if I understand correctly, the issue addressed here (on Windows) is how to assemble a single command string from an array of argument strings to pass to CreateProcess() in a way that the individual argument strings can be fully recovered in the invoked program.
Similarly when the command string is passed to an instance of cmd.exe.

Are there known (non security critical) examples that do not work correctly in JDK 18 or earlier?


Greetings
Raffaello


On 2022-01-20 19:05, Roger Riggs wrote:
A JEP to Improve safety of process launch by ProcessBuilder and Runtime.exec on Windows[1].

Argument encoding errors have been problematic on Windows systems due to
improperly quoted command arguments.

The idea is to tighten up quoting and encoding of command line arguments.

Comments appreciated,  Roger

[1] https://bugs.openjdk.java.net/browse/JDK-8263697
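
Added example, not part of the thread and not the JDK's code: the three .exe cases described above (empty argument, mismatched quote, trailing backslash) run through a hypothetical naive encoder and a strict one, then parsed back with a simplified model of the Microsoft C runtime argv rules. The class and method names are invented for illustration; cmd.exe splitting and the runtime's doubled-quote rule inside quoted strings are not modelled.

```java
import java.util.*;
public class WinArgvDemo {
    // Hypothetical naive encoder (not the JDK's code): quotes only on spaces, escapes nothing.
    static String naive(List<String> args) {
        List<String> out = new ArrayList<>();
        for (String a : args) out.add(a.contains(" ") ? "\"" + a + "\"" : a);
        return String.join(" ", out);
    }
    // Strict encoder: always quote; double any backslash run that precedes a quote.
    static String strict(List<String> args) {
        List<String> out = new ArrayList<>();
        for (String a : args) {
            StringBuilder sb = new StringBuilder("\"");
            int bs = 0;                                   // length of the pending backslash run
            for (char c : a.toCharArray()) {
                if (c == '\\') { bs++; continue; }
                sb.append("\\".repeat(c == '"' ? 2 * bs + 1 : bs)).append(c);
                bs = 0;
            }
            out.add(sb.append("\\".repeat(2 * bs)).append('"').toString());
        }
        return String.join(" ", out);
    }
    // Simplified model of the Microsoft C runtime argv rules (arguments after argv[0]).
    static List<String> parse(String cmd) {
        List<String> argv = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean inQuotes = false, inArg = false;
        int bs = 0;
        for (char c : cmd.toCharArray()) {
            if (c == '\\') { bs++; inArg = true; continue; }
            cur.append("\\".repeat(c == '"' ? bs / 2 : bs));
            boolean toggles = c == '"' && bs % 2 == 0;    // quote after an odd run is literal
            bs = 0;
            if (toggles) { inQuotes = !inQuotes; inArg = true; }
            else if ((c == ' ' || c == '\t') && !inQuotes) {
                if (inArg) argv.add(cur.toString());
                cur.setLength(0); inArg = false;
            } else { cur.append(c); inArg = true; }
        }
        if (inArg) argv.add(cur.append("\\".repeat(bs)).toString());
        return argv;
    }
    public static void main(String[] unused) {            // inputs below are constructed samples
        for (List<String> args : List.of(List.of("a", "", "b"), List.of("x\"y", "z"),
                                         List.of("C:\\my dir\\", "next")))
            System.out.printf("%s%n  naive : %s -> %s%n  strict: %s -> %s%n", args,
                naive(args), parse(naive(args)), strict(args), parse(strict(args)));
    }
}
```

Under this model the naive encoding loses the empty argument and merges each of the other two pairs into a single argument, while the strict encoding round-trips all three lists unchanged.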
