Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder #7709

Closed
wants to merge 5 commits into from

Conversation

RogerRiggs
Copy link
Contributor

@RogerRiggs RogerRiggs commented Mar 4, 2022

Quoting related changes in https://bugs.openjdk.java.net/browse/JDK-8250568 modified the way that
process builder recognized argument strings, causing some arguments to be doubly quoted and malformed.

ProcessBuilder encodes command arguments in two ways, a looser legacy encoding
and stricter encoding that prevents quotes from being misinterpreted.
The system property jdk.lang.Process.allowAmbiguousCommands controls which is in effect.

When the property is "true" or not set, arguments are inserted into the Windows command line
with minimal changes. Arguments containing space or tab are quoted to prevent them being split.
Arguments that start and end with double-quote are left alone.
Some executables interpret a backslash before the final quote as an escape; if the argument
contains first and last quotes, backslashes are ignored.

When the allowAmbigousCommands property is false, care is taken to ensure that
the final quote of an argument is the closing quote for the argument and is not
interpreted as a literal quote by a preceding quote (or an odd number of quotes).

The PR includes a test matrix of the cases where an argument with spaces and a final backslash
is passed with each combination of allowAmbiguousCommands = true and false,
launched executable, java, .cmd, and .vbs and when the argument is surrounded with double-quotes.

The priority for allowAmbiguousCommands = false is that no argument is split or joined to another argument.
In some cases, backslashes are doubled to prevent a double-quote from being interpreted incorrectly.
The trailing backslash in an argument occurs rarely exception when the argument is a directory.
In that case, the addition of trailing backslashes is benign when the string is used as a filesystem path.

See also PR#7504, for background and a proposal.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed
  • Change requires a CSR request to be approved

Issues

  • JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
  • JDK-8282989: Incorrect handling of quoted arguments in ProcessBuilder on Windows (CSR)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/7709/head:pull/7709
$ git checkout pull/7709

Update a local copy of the PR:
$ git checkout pull/7709
$ git pull https://git.openjdk.java.net/jdk pull/7709/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 7709

View PR using the GUI difftool:
$ git pr show -t 7709

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/7709.diff

@bridgekeeper
Copy link

bridgekeeper bot commented Mar 4, 2022

👋 Welcome back rriggs! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Mar 4, 2022

@RogerRiggs The following label will be automatically applied to this pull request:

  • core-libs

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the core-libs core-libs-dev@openjdk.org label Mar 4, 2022
@RogerRiggs RogerRiggs marked this pull request as ready for review March 10, 2022 20:53
@openjdk openjdk bot added rfr Pull request is ready for review csr Pull request needs approved CSR before integration labels Mar 10, 2022
@mlbridge
Copy link

mlbridge bot commented Mar 10, 2022

Webrevs

@omikhaltsova
Copy link

@RogerRiggs when do you plan to merge this patch approximately?

@RogerRiggs
Copy link
Contributor Author

@omikhaltsova Its taken more time than expected to get the reviews needed. Perhaps in a week or so.

str = str.replace("\r", "");
actual = Arrays.asList(str.split("\n"));
} catch (IOException ioe) {
throw new RuntimeException(ioe.getMessage(), ioe);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we should also explicitly do a process.destroy here, to force kill the launched process?

// Depending on the mode the final backslash may act as an escape that may turn an added quote to a literal quote
private static final String SPACE_AND_BACKSLASH = "SPACE AND BACKSLASH\\";
private static final char DOUBLE_QUOTE = '"';
private static final char NEWLINE = '\n';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this isn't being used.

@jaikiran
Copy link
Member

Hello Roger, I don't have much knowledge of the Windows semantics in this area, but the change looks OK to me. Just a few minor notes in the test case.

Copy link
Member

@bchristi-git bchristi-git left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good. I just have a couple small suggestions for the test.


/**
* If zero arguments are supplied, run the test cases.
* If there are arguments, echo them to Stdout.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's worth mentioning that this echoing of the arguments is how the "java invocation" mode is checked -- by spawning an additional copy of ArgCheck.

errors++;
}
} else {
// skip unmatched cases
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can an "ignored" metric be added, along with "success" and "error" ?
I don't like silently skipping parts of a test.
Logging skipped test cases would work, too, but that might make the test output overly verbose.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a count of skipped tests and a final message.

@RogerRiggs
Copy link
Contributor Author

This change required a CSR, now approved.

@openjdk openjdk bot removed the csr Pull request needs approved CSR before integration label Apr 18, 2022
@openjdk
Copy link

openjdk bot commented Apr 18, 2022

@RogerRiggs This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8282008: Incorrect handling of quoted arguments in ProcessBuilder

Reviewed-by: bchristi

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 133 new commits pushed to the master branch:

  • ffdeb32: 8284928: Add links from SourceVersion to specific JLS versions
  • d3d71ea: 8284922: Fix some doc-comment issues on methods with package access in JDK API
  • 6e36c45: 8284923: Update description of SourceVersion.RELEASE_18
  • c63fabe: 8284935: Improve debug in java.security.jgss
  • ef25e18: 8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de
  • 21ea740: 8284699: Include all image types to the J2DBench.ColorConvertOpTests
  • e5041ae: 8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
  • f5beafa: 8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
  • 21de4e5: 8284681: compiler/c2/aarch64/TestFarJump.java fails with "RuntimeException: for CodeHeap < 250MB the far jump is expected to be encoded with a single branch instruction"
  • 9695283: 8240903: Add test to check that jmod hashes are reproducible
  • ... and 123 more: https://git.openjdk.java.net/jdk/compare/526e73498eef5c7608845501ab4ebef0997a5c0d...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Apr 18, 2022
@RogerRiggs
Copy link
Contributor Author

/integrate

@openjdk
Copy link

openjdk bot commented Apr 18, 2022

Going to push as commit 897d6c0.
Since your change was applied there have been 133 commits pushed to the master branch:

  • ffdeb32: 8284928: Add links from SourceVersion to specific JLS versions
  • d3d71ea: 8284922: Fix some doc-comment issues on methods with package access in JDK API
  • 6e36c45: 8284923: Update description of SourceVersion.RELEASE_18
  • c63fabe: 8284935: Improve debug in java.security.jgss
  • ef25e18: 8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de
  • 21ea740: 8284699: Include all image types to the J2DBench.ColorConvertOpTests
  • e5041ae: 8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
  • f5beafa: 8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
  • 21de4e5: 8284681: compiler/c2/aarch64/TestFarJump.java fails with "RuntimeException: for CodeHeap < 250MB the far jump is expected to be encoded with a single branch instruction"
  • 9695283: 8240903: Add test to check that jmod hashes are reproducible
  • ... and 123 more: https://git.openjdk.java.net/jdk/compare/526e73498eef5c7608845501ab4ebef0997a5c0d...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Apr 18, 2022
@openjdk openjdk bot closed this Apr 18, 2022
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Apr 18, 2022
@openjdk
Copy link

openjdk bot commented Apr 18, 2022

@RogerRiggs Pushed as commit 897d6c0.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@RogerRiggs RogerRiggs deleted the 8282008-quoted-escape branch June 10, 2022 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core-libs core-libs-dev@openjdk.org integrated Pull request has been integrated
Development

Successfully merging this pull request may close these issues.

5 participants