Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=958733
Bug ID: 958733
Summary: plexus-utils: suspicious shell quoting in org.codehaus.plexus.util.cli
Version: 18
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
The shell quoting logic in this package (and the
org.codehaus.plexus.util.cli.shell package) looks fairly dangerous. It appears
to be mostly dead code. Client code should be migrated to
java.lang.ProcessBuilder.
The different quoting options (single quotes, double quotes) are difficult to
get right, and the reference to StringUtils is not particularly helpful because
the caller has to provide the correct set of characters to be escaped, which is
platform-dependent.
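An added example, not part of the original bug report or of plexus-utils: it contrasts a command line assembled as a string for `/bin/sh` using hand-rolled quoting with the same value passed as a separate argument through `java.lang.ProcessBuilder`. The class name `ArgvDemo`, the helper `naiveQuote` and the sample value are hypothetical; a POSIX system with `/bin/sh` and `printf` and Java 9 or later are assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class ArgvDemo {
    // Runs a command and returns its trimmed output (stderr merged into stdout).
    static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out.trim();
    }

    // Hypothetical hand-rolled quoting: wraps the value in single quotes
    // but does not escape single quotes inside it.
    static String naiveQuote(String s) {
        return "'" + s + "'";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value containing a quote and a command separator.
        String name = "report'; echo INJECTED; echo '.txt";

        // Weak: one string, parsed by the shell. The embedded quote ends the
        // quoted region, so the rest of the value is interpreted as shell syntax.
        String viaShell = run(List.of("/bin/sh", "-c",
                "printf '%s\\n' " + naiveQuote(name)));

        // Preferred: every list element becomes exactly one argv entry of the
        // child process; no shell is involved, so no quoting is needed.
        String viaArgv = run(List.of("printf", "%s\\n", name));

        System.out.println("via shell string:");
        System.out.println(viaShell);
        System.out.println("via argv list:");
        System.out.println(viaArgv);
        System.out.println("argv preserved value: " + viaArgv.equals(name));
    }
}
```

With the shell string, the output is split across three lines (`report`, `INJECTED`, `.txt`); with the argument list, the value comes back unchanged.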