/**
  * Tests if the given <b>file</b> is executable.
  *
  * @param file The file to test.
  * @return boolean
  */
 private static boolean isExecutable(File file) {
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) {
     try {
       sm.checkExec(file.getAbsolutePath());
     } catch (SecurityException se) {
       return false;
     }
   }
   return true;
 }
Ejemplo n.º 2
0
 /**
  * Create a new subprocess with the specified command line, already tokenized, and the specified
  * environment and working directory. If the environment is null, the process inherits the
  * environment of this process. If the directory is null, the process uses the current working
  * directory. A security check is performed, <code>checkExec</code>.
  *
  * @param cmd the command to call
  * @param env the environment to use, in the format name=value
  * @param dir the working directory to use
  * @return the Process object
  * @throws SecurityException if permission is denied
  * @throws IOException if an I/O error occurs
  * @throws NullPointerException if cmd is null, or cmd or env has null entries
  * @throws IndexOutOfBoundsException if cmd is length 0
  * @since 1.3
  */
 public Process exec(String[] cmd, String[] env, File dir) throws IOException {
   SecurityManager sm = SecurityManager.current; // Be thread-safe!
   if (sm != null) sm.checkExec(cmd[0]);
   return execInternal(cmd, env, dir);
 }
 @Override
 public void checkExec(final String pCmd) {
   if (finalSecurityManager != null) finalSecurityManager.checkExec(pCmd);
 }
Ejemplo n.º 4
0
  private ProcessImpl(
      String cmd[],
      final String envblock,
      final String path,
      final long[] stdHandles,
      final boolean redirectErrorStream)
      throws IOException {
    String cmdstr;
    SecurityManager security = System.getSecurityManager();
    boolean allowAmbigousCommands = false;
    if (security == null) {
      String value = System.getProperty("jdk.lang.Process.allowAmbigousCommands");
      if (value != null) allowAmbigousCommands = !"false".equalsIgnoreCase(value);
    }
    if (allowAmbigousCommands) {
      // Legacy mode.

      // Normalize path if possible.
      String executablePath = new File(cmd[0]).getPath();

      // No worry about internal and unpaired ["] .
      if (needsEscaping(false, executablePath)) executablePath = quoteString(executablePath);

      cmdstr =
          createCommandLine(
              false, // legacy mode doesn't worry about extended verification
              executablePath,
              cmd);
    } else {
      String executablePath;
      try {
        executablePath = getExecutablePath(cmd[0]);
      } catch (IllegalArgumentException e) {
        // Workaround for the calls like
        // Runtime.getRuntime().exec("\"C:\\Program Files\\foo\" bar")

        // No chance to avoid CMD/BAT injection, except to do the work
        // right from the beginning. Otherwise we have too many corner
        // cases from
        //    Runtime.getRuntime().exec(String[] cmd [, ...])
        // calls with internal ["] and escape sequences.

        // Restore original command line.
        StringBuilder join = new StringBuilder();
        // terminal space in command line is ok
        for (String s : cmd) join.append(s).append(' ');

        // Parse the command line again.
        cmd = getTokensFromCommand(join.toString());
        executablePath = getExecutablePath(cmd[0]);

        // Check new executable name once more
        if (security != null) security.checkExec(executablePath);
      }

      // Quotation protects from interpretation of the [path] argument as
      // start of longer path with spaces. Quotation has no influence to
      // [.exe] extension heuristic.
      cmdstr =
          createCommandLine(
              // We need the extended verification procedure for CMD files.
              isShellFile(executablePath), quoteString(executablePath), cmd);
    }

    handle = create(cmdstr, envblock, path, stdHandles, redirectErrorStream);

    java.security.AccessController.doPrivileged(
        new java.security.PrivilegedAction<Void>() {
          public Void run() {
            if (stdHandles[0] == -1L) stdin_stream = ProcessBuilder.NullOutputStream.INSTANCE;
            else {
              FileDescriptor stdin_fd = new FileDescriptor();
              fdAccess.setHandle(stdin_fd, stdHandles[0]);
              stdin_stream = new BufferedOutputStream(new FileOutputStream(stdin_fd));
            }

            if (stdHandles[1] == -1L) stdout_stream = ProcessBuilder.NullInputStream.INSTANCE;
            else {
              FileDescriptor stdout_fd = new FileDescriptor();
              fdAccess.setHandle(stdout_fd, stdHandles[1]);
              stdout_stream = new BufferedInputStream(new FileInputStream(stdout_fd));
            }

            if (stdHandles[2] == -1L) stderr_stream = ProcessBuilder.NullInputStream.INSTANCE;
            else {
              FileDescriptor stderr_fd = new FileDescriptor();
              fdAccess.setHandle(stderr_fd, stdHandles[2]);
              stderr_stream = new FileInputStream(stderr_fd);
            }

            return null;
          }
        });
  }
 @Override
 public void checkExec(final String cmd) {
   if (securityManager != null) securityManager.checkExec(cmd);
 }