I have this block;
Runtime runtime = Runtime.getRuntime();
Process process = runtime.exec("bash -c \"mkdir .typo && mkdir .typo/lib && mkdir src/ && mkdir bin/ && ln -sFf .typo/lib lib && mkdir .typo/runtime && touch src/main.typo && echo \"@include !main\n\ndef main(str[255] args) {\n std:out(\"Hello, world!\");\n\n return 0;\n}\n\" >> src/main.typo\"");
try {
    process.waitFor();
} catch (InterruptedException interruptedException) {
    System.exit(130);
}
And when I execute it, nothing happens. It sometimes happens but mostly it doesn't work. I also checked the file system and there is nothing different either.
(InterruptedException is imported with import java.lang.InterruptedException.)
I tried and the error is:
.typo: -c: line 0: unexpected EOF while looking for matching `"'
.typo: -c: line 1: syntax error: unexpected end of file
Answer
In line with OWASP, I made this to help in making commands more readable and also retrieving their output (once executed).
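import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

public class SafeShellExecution {
    // Runs the command given as an argv array and returns its standard output.
    // Declared static so it can be called as SafeShellExecution.Execute(...).
    public static String Execute(String[] command) {
        StringBuilder strAppend = new StringBuilder();
        try {
            String line;
            // exec(String[]) passes each array element as one argument, without re-tokenizing
            Process p = Runtime.getRuntime().exec(command);
            BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
            while ((line = in.readLine()) != null) {
                strAppend.append(line);
            }
            in.close();
        } catch (IOException ex) {
            Logging.LogException(ex); // Logging is a helper class not shown here
        }
        return strAppend.toString();
    }
}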
And then define the command cleanly:
public static final String[] GetIPAddress = {
    "/bin/sh",
    "-c",
    "ifconfig | grep -v '127.0.0.' | grep -i 'inet ' | awk {' print $2 '} | paste -sd ','"
};
And then execute:
SafeShellExecution.Execute(GetIPAddress);
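Why the question's single-string command produces the unmatched-quote error, and how an argv array avoids it, as an added example that is not part of either post. `ExecArgvDemo`, the shortened command, the scratch directory and the simplified script are assumptions made for illustration; `readAllBytes` needs Java 9 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

public class ExecArgvDemo {
    // Runtime.exec(String) splits the command on whitespace with a StringTokenizer
    // and does not interpret quotes; this reproduces that split for inspection.
    static List<String> tokenizeLikeRuntimeExec(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) argv.add(st.nextToken());
        return argv;
    }

    // Runs a script through bash with an explicit argv, so the whole script is one argument.
    static int runScript(Path workDir, String script) throws IOException, InterruptedException {
        Process p = new ProcessBuilder("bash", "-c", script)
                .directory(workDir.toFile())
                .redirectErrorStream(true)   // merge stderr so shell errors are not lost
                .start();
        String output = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        int exit = p.waitFor();              // read output first, then wait, to avoid a full pipe
        if (exit != 0) System.err.println("bash exited " + exit + ": " + output);
        return exit;
    }

    public static void main(String[] args) throws Exception {
        // Constructed, shortened version of the question's command string.
        String asOneString = "bash -c \"mkdir .typo && mkdir src\"";
        System.out.println(tokenizeLikeRuntimeExec(asOneString));
        // The token after -c still carries its opening quote, so bash sees an unterminated string.

        Path workDir = Files.createTempDirectory("typo-demo"); // scratch directory (assumption)
        String script = "mkdir -p .typo/lib .typo/runtime src bin"
                + " && ln -s .typo/lib lib && touch src/main.typo"; // simplified, constructed script
        int exit = runScript(workDir, script);
        System.out.println("exit=" + exit + " created=" + Files.exists(workDir.resolve("src/main.typo")));
    }
}
```

Keep the script string constant: a value that varies at run time belongs in its own argv element or in a `java.nio.file` call, not concatenated into text that a shell will parse.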