Make Executor return ExecuteResult and fix deadlock in DefaultExecutor.

patrick.allen.higgins · patrick.allen.higgins · commit cfa9b6c8564a · 2010-09-15T00:13:27.000Z
Executor previously returned a String of stdout only, which limited usefulness
for many use cases, including the unit tests which needed to be able to check
both stdout and stderr. Now both are returned to the client along with the
exit status because that is often useful, too.

The new method which has this behavior is named executeProgram(). The old
method executeSystemCommand() has been unchanged for backward compatibility.
diff --git a/src/main/java/org/owasp/esapi/ExecuteResult.java b/src/main/java/org/owasp/esapi/ExecuteResult.java
@@ -0,0 +1,70 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2010 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Patrick Higgins
+ * @created 2010
+ */
+package org.owasp.esapi;
+
+/**
+ * The ExecuteResult class encapsulates the pieces of data that can be returned
+ * from a process executed by the Executor interface.
+ *
+ * This class is immutable for thread-safety.
+ *
+ * @author Patrick Higgins
+ * @since Aug 25, 2010
+ */
+public class ExecuteResult {
+    
+	private final int exitValue;
+	private final String output;
+	private final String errors;
+
+	/**
+	 * Constructs an ExecuteResult from the given values.
+	 *
+	 * @param exitValue
+	 *            the code from java.lang.Process.exitValue()
+	 * @param output
+	 *            the contents read from java.lang.Process.getInputStream()
+	 * @param errors
+	 *            the contents read from java.lang.Process.getErrorStream()
+	 */
+	public ExecuteResult(int exitValue, String output, String errors) {
+		this.exitValue = exitValue;
+		this.output = output;
+		this.errors = errors;
+	}
+
+	/**
+	 * @return the code from java.lang.Process.exitValue()
+	 */
+	public int getExitValue() {
+		return exitValue;
+	}
+
+	/**
+	 * @return the contents read from java.lang.Process.getInputStream()
+	 */
+	public String getOutput() {
+		return output;
+	}
+
+	/**
+	 * @return the contents read from java.lang.Process.getErrorStream()
+	 */
+	public String getErrors() {
+		return errors;
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/Executor.java b/src/main/java/org/owasp/esapi/Executor.java
@@ -51,6 +51,8 @@ public interface Executor {
 	 * Implementations must change to the specified working
 	 * directory before invoking the command.
 	 * 
+	 * @deprecated Replaced by executeProgram
+	 * 
 	 * @param executable
 	 *            the command to execute
 	 * @param params
@@ -67,4 +69,26 @@ public interface Executor {
 	 */
 	String executeSystemCommand(File executable, List params, File workdir, Codec codec) throws ExecutorException;
 
+	/**
+	 * Executes a system command after checking that the executable exists and
+	 * escaping all the parameters to ensure that injection is impossible.
+	 * Implementations must change to the specified working
+	 * directory before invoking the command.
+	 * 
+	 * @param executable
+	 *            the command to execute
+	 * @param params
+	 *            the parameters of the command being executed
+	 * @param workdir
+	 *            the working directory
+	 * @param codec
+	 *            the codec to use to encode for the particular OS in use
+	 * 
+	 * @return the results of the command being run
+	 * 
+	 * @throws ExecutorException
+	 *             the service exception
+	 */
+	ExecuteResult executeProgram(File executable, List params, File workdir, Codec codec) throws ExecutorException;
+
 }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -23,6 +23,7 @@
 import java.util.List;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.errors.ExecutorException;
@@ -51,6 +52,15 @@ public class DefaultExecutor implements org.owasp.esapi.Executor {
     public DefaultExecutor() {
     }
 
+    /**
+     * {@inheritDoc}
+     * 
+     * <p>The reference implementation calls <tt>executeProgram( ... ).getOutput()</tt>.</p>
+     */
+    public String executeSystemCommand(File executable, List params, File workdir, Codec codec) throws ExecutorException {
+    	return executeProgram(executable, params, workdir, codec).getOutput();
+    }
+
     /**
      * {@inheritDoc}
      * 
@@ -63,7 +73,7 @@ public DefaultExecutor() {
      * the parameters. You MUST change this behavior if you are passing credit card numbers, TIN/SSN, or 
      * health information through this reference implementation, such as to a credit card or HL7 gateway.</p> 
      */
-    public String executeSystemCommand(File executable, List params, File workdir, Codec codec) throws ExecutorException {
+    public ExecuteResult executeProgram(File executable, List params, File workdir, Codec codec) throws ExecutorException {
         try {
             logger.warning(Logger.SECURITY, true, "Initiating executable: " + executable + " " + params + " in " + workdir);
  
@@ -89,7 +99,6 @@ public String executeSystemCommand(File executable, List params, File workdir, C
             
             params.add(0, executable.getCanonicalPath());
             String[] command = (String[])params.toArray( new String[0] );
-            Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
             
             // Future - this is how to implement this in Java 1.5+
             // ProcessBuilder pb = new ProcessBuilder(params);
@@ -100,16 +109,39 @@ public String executeSystemCommand(File executable, List params, File workdir, C
             // pb.redirectErrorStream(true);
             // Process process = pb.start();
 
-            String output = readStream( process.getInputStream() );
-            String errors = readStream( process.getErrorStream() );
+            final StringBuffer outputBuffer = new StringBuffer();
+            final StringBuffer errorsBuffer = new StringBuffer();
+
+            final Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
+            try {
+                ReadThread errorReader = new ReadThread(process.getErrorStream(), errorsBuffer);
+                errorReader.start();
+                readStream( process.getInputStream(), outputBuffer );
+                errorReader.join();
+                if (errorReader.exception != null) {
+                    throw errorReader.exception;
+                }
+                process.waitFor();
+            } catch (Throwable e) {
+                process.destroy();
+                throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
+            }
+
+            String output = outputBuffer.toString();
+            String errors = errorsBuffer.toString();
+            int exitValue = process.exitValue();
+
             if ( errors != null && errors.length() > 0 ) {
-            	logger.warning( Logger.SECURITY, false, "Error during system command: " + errors );
+                logger.warning( Logger.SECURITY, false, "Error during system command: " + errors );
+            }
+            if ( exitValue != 0 ) {
+                logger.warning( Logger.SECURITY, false, "System command exited with non-zero status: " + exitValue );
             }
             logger.warning(Logger.SECURITY, true, "System command complete: " + params);
-            return output;
-        } catch (Exception e) {
+            return new ExecuteResult(exitValue, output, errors);
+        } catch (IOException e) {
             throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
-        }        
+        }
     }
 
     /**
@@ -121,15 +153,33 @@ public String executeSystemCommand(File executable, List params, File workdir, C
      * 			a string containing as many lines as the input stream contains, with newlines between lines
      * @throws IOException
      */
-    private String readStream( InputStream is ) throws IOException {
+    private static void readStream( InputStream is, StringBuffer sb ) throws IOException {
 	    InputStreamReader isr = new InputStreamReader(is);
 	    BufferedReader br = new BufferedReader(isr);
-	    StringBuffer sb = new StringBuffer();
 	    String line;
 	    while ((line = br.readLine()) != null) {
-	        sb.append(line + "\n");
+	        sb.append(line).append("\n");
 	    }
-	    return sb.toString();
     }
-    
+
+    private static class ReadThread extends Thread {
+        volatile IOException exception;
+        private final InputStream stream;
+        private final StringBuffer buffer;
+
+        ReadThread(InputStream stream, StringBuffer buffer) {
+            this.stream = stream;
+            this.buffer = buffer;
+        }
+
+        public void run() {
+            try {
+                readStream(stream, buffer);
+            } catch (IOException e) {
+                exception = e;
+            }
+        }
+
+    }
+
 }
diff --git a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
@@ -26,12 +26,13 @@
 import junit.framework.TestSuite;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
 import org.owasp.esapi.Executor;
 import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.SecurityConfigurationWrapper;
 import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.WindowsCodec;
 import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
 import org.owasp.esapi.util.FileTestUtils;
 
 
@@ -77,8 +78,8 @@ public class ExecutorTest extends TestCase
 	 */
 	private static class Conf extends SecurityConfigurationWrapper
 	{
-		private List allowedExes;
-		private File workingDir;
+		private final List allowedExes;
+		private final File workingDir;
 
 		/**
 		 * Create wrapper with the specified allowed execs and
@@ -164,15 +165,17 @@ public static Test suite() {
 	public void testExecuteJava() throws Exception
 	{
 		List params = new ArrayList();
-		String result;
+		ExecuteResult result;
 
 		// -version goes to stderr which executeSystemCommand doesn't read...
 		// -help goes to stdout so we'll use that...
 		params.add("-help");
 
-		result = instance.executeSystemCommand(JAVA_CMD, params, TMP_DIR, codec);
+		result = instance.executeProgram(JAVA_CMD, params, TMP_DIR, codec);
 		assertNotNull("result of java -version was null", result);
-		assertTrue("result of java -help did not contain -version", result.indexOf("-version") >= 0);
+		assertTrue("result of java -help did not contain -version",
+                   result.getOutput().indexOf("-version") >= 0 ||
+                   result.getErrors().indexOf("-version") >= 0);
 	}
 
 	public void testExecuteJavaSemicolenInject() throws Exception
