I have this block;
Runtime runtime = Runtime.getRuntime(); Process process = runtime.exec("bash -c "mkdir .typo && mkdir .typo/lib && mkdir src/ && mkdir bin/ && ln -sFf .typo/lib lib && mkdir .typo/runtime && touch src/main.typo && echo "@include !mainnndef main(str[255] args) {n std:out("Hello, world!");nn return 0;n}n" >> src/main.typo""); try { process.waitFor(); } catch (InterruptedException interruptedException) { System.exit(130); }
And when I execute it, nothing happens. It sometimes happens but mostly it doesn’t works. I also checked file system and there is nothing different too.
( InterruptedException is imported with import java.lang.InterruptedException
. )
I tried and error is;
.typo: -c: line 0: unexpected EOF while looking for matching `"' .typo: -c: line 1: syntax error: unexpected end of file
Advertisement
Answer
In line with OWASP, I made this to help in making commands more readable and also retrieving their output (once executed).
public class SafeShellExecution { public String Execute(String[] command) { StringBuilder strAppend = new StringBuilder(); try { String line; Process p = Runtime.getRuntime().exec(command); BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream())); while ((line = in.readLine()) != null) { strAppend.append(line); } in.close(); } catch (IOException ex) { Logging.LogException(ex); } return strAppend.toString(); } }
And then define the command cleanly:
public static final String[] GetIPAddress = { "/bin/sh", "-c", "ifconfig | grep -v '127.0.0.' | grep -i 'inet ' | awk {' print $2 '} | paste -sd ','" };
And then execute:
SafeShellExecution.Execute(GetIPAddress);