Proposed JEP: Safer Process Launch by ProcessBuilder and Runtime.exec

Raffaello Giulietti raffaello.giulietti at gmail.com
Fri Jan 28 19:14:51 UTC 2022 

Hi Roger,

I'm trying the following (ugly) code on JDK 17/Win, where Args.exe does 
nothing else than writing out its argv[], redirecting to a log file.

     public static void main(String[] args) throws IOException, 
InterruptedException {
         String[] command = {
                 "C:\\Users\\alpha\\Args.exe",
                 "",
                 "a",
                 "",
                 "b",
                 "",
         };
         var processBuilder = new ProcessBuilder(command);
         processBuilder.redirectOutput(new 
File("C:\\Users\\alpha\\my.log"));
         var process = processBuilder.start();
         Thread.sleep(2_000);
         System.out.println("process.exitValue() = " + process.exitValue());
     }


Here's the log file

argv[0] = [C:\Users\alpha\Args.exe]
argv[1] = []
argv[2] = [a]
argv[3] = []
argv[4] = [b]
argv[5] = []

so empty args seem to work correctly, at least in this plain example.

Have you specific examples that behave incorrectly?
I'm asking because I'd like to setup a simple set of rules to solve the 
issue on Windows altogether.





On 2022-01-28 16:48, Roger Riggs wrote:
> Hi Raffaello,
> 
> For .exe executables, one example is an empty string in the list of 
> arguments to ProcessBuilder.
> The empty string is not visible in the generated command line. For 
> position sensitive commands, it appears the argument is dropped.
> An argument in ProcessBuilder with mismatched quotes can cause the 
> argument to be joined with the next in the generated command line.
> A stray "\" at the end of an argument can cause the following character 
> to be quoted, possibly joining the argument with the next.
> 
> For .cmd executables, cmd.exe interprets more characters as argument 
> separators and will split arguments.
> For example, an argument with a semi-colon or comma, (unquoted) will be 
> split into two arguments when parsed by cmd.exe.
> The goal is to improve the integrity and robustness of the command 
> encoding.
> 
> Thanks, Roger
> 
> 
> On 1/28/22 4:07 AM, Raffaello Giulietti wrote:
>> Hello,
>>
>> if I understand correctly, the issue addressed here (on Windows) is 
>> how to assemble a single command string from an array of argument 
>> strings to pass to CreateProcess() in a way that the individual 
>> argument strings can be fully recovered in the invoked program.
>> Similarly when the command string is passed to an instance of cmd.exe.
>>
>> Are there known (non security critical) examples that do not work 
>> correctly JDK 18 or earlier?
>>
>>
>> Greetings
>> Raffaello
>>
>>
>> On 2022-01-20 19:05, Roger Riggs wrote:
>>> A JEP to Improve safety of process launch by ProcessBuilder and 
>>> Runtime.exec on Windows[1].
>>>
>>> Argument encoding errors have been problematic on Windows systems due to
>>> improperly quoted command arguments.
>>>
>>> The idea is to tighten up quoting and encoding of command line 
>>> arguments.
>>>
>>> Comments appreciated,  Roger
>>>
>>> [1] https://bugs.openjdk.java.net/browse/JDK-8263697
>

More information about the core-libs-dev mailing list