[
https://issues.apache.org/jira/browse/SOLR-8877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Uwe Schindler updated SOLR-8877:
Description:
The SolrCLI and the corresponding test use CommandLine.parse() of commons-exec,
but in most cases the parameters are not correctly escaped.
CommandLine.parse() should be placed on forbidden-apis list. This is *not* a
valid way to build a command line and execute it. The correct war is to create
an instance of the CommandLine class and then add the arguments one-by one:
{code:java}
org.apache.commons.exec.CommandLine startCmd = new
org.apache.commons.exec.CommandLine(callScript);
startCmd.addArguments(new String[] {
"start",
cloudModeArg,
"-p",
Integer.toString(port),
"-s",
solrHome,
hostArg,
zkHostArg,
memArg,
extraArgs,
addlOptsArg
});
{code}
I tried to fix it by using the approach, but the test then fails with other
bugs on Windows. I disabled it for now if it detects whitespace in Solr's path.
I think the reason might be that some of the above args are empty or are
multi-args on itsself, so they get wrongly escaped.
I have no idea how to fix it, but the current way fails completely on Windows,
where most users have a whitespace in their home directory or in the
"C:\Program Files" folder.
was:
The SolrCLI and the corresponding test use CommandLine.parse() of commons-exec,
but in most cases the parameters are not correctly escaped.
CommandLine.parse() should be placed on forbidden-apis list. This is *not* a
valid way to build a command line and execute it. The correct war is to create
an instance of the CommandLine class and then add the arguments one-by one:
{code:java}
org.apache.commons.exec.CommandLine startCmd = new
org.apache.commons.exec.CommandLine(callScript);
startCmd.addArguments(new String[] {
"start",
callScript,
"-p",
Integer.toString(port),
"-s",
solrHome,
hostArg,
zkHostArg,
memArg,
extraArgs,
addlOptsArg
});
{code}
I tried to fix it by using the approach, but the test then fails with other
bugs on Windows. I disabled it for now if it detects whitespace in Solr's path.
I think the reason might be that some of the above args are empty or are
multi-args on itsself, so they get wrongly escaped.
I have no idea how to fix it, but the current way fails completely on Windows,
where most users have a whitespace in their home directory or in the
"C:\Program Files" folder.
> SolrCLI.java and corresponding test does not work with whitespace in path
> -
>
> Key: SOLR-8877
> URL: https://issues.apache.org/jira/browse/SOLR-8877
> Project: Solr
> Issue Type: Bug
> Components: scripts and tools
>Affects Versions: 5.5, 6.0
>Reporter: Uwe Schindler
> Attachments: SOLR-8877.patch
>
>
> The SolrCLI and the corresponding test use CommandLine.parse() of
> commons-exec, but in most cases the parameters are not correctly escaped.
> CommandLine.parse() should be placed on forbidden-apis list. This is *not* a
> valid way to build a command line and execute it. The correct war is to
> create an instance of the CommandLine class and then add the arguments one-by
> one:
> {code:java}
> org.apache.commons.exec.CommandLine startCmd = new
> org.apache.commons.exec.CommandLine(callScript);
> startCmd.addArguments(new String[] {
> "start",
> cloudModeArg,
> "-p",
> Integer.toString(port),
> "-s",
> solrHome,
> hostArg,
> zkHostArg,
> memArg,
> extraArgs,
> addlOptsArg
> });
> {code}
> I tried to fix it by using the approach, but the test then fails with other
> bugs on Windows. I disabled it for now if it detects whitespace in Solr's
> path. I think the reason might be that some of the above args are empty or
> are multi-args on itsself, so they get wrongly escaped.
> I have no idea how to fix it, but the current way fails completely on
> Windows, where most users have a whitespace in their home directory or in the
> "C:\Program Files" folder.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
