I am having trouble executing a shell command using Java. I am calling 4 commands which are supposed to run the sourceanalyzer executable from within the runFortifyScan method, and populate the fpr and pdf folders that I have created.

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Set;

public class fortifyrunUtil {
    HashMap<String, Details> projectDetails = new HashMap();

    public fortifyrunUtil() {
        this.projectDetails.put( "bi-dashboard-test", new Details( "bi-dashboard-test", "testuser@123.com" ) );
    }

    public void runFortifyScan() {
        Set<String> projects = this.projectDetails.keySet();
        for ( String project : projects ) {
            try {
                Details details = this.projectDetails.get( project );

                String command = "/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin/sourceanalyzer -64 -b \"" + details.projectname + "\"" + " -clean";
                System.out.println( command );
                String output = this.executeCommand( command );

                command = "/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin/sourceanalyzer -64 -b \"" + details.projectname + "\"" + " -source " + "\"1.6\" " + System.getProperty( "user.dir" ) + "/" + details.projectname;
                System.out.println( command );
                output = this.executeCommand( command );

                command = "/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin/sourceanalyzer -64 -b \"" + details.projectname + "\"" + " -format " + "\"fpr\" -f " + System.getProperty( "user.dir" ) + "/fpr/" + details.projectname + ".fpr -scan";
                System.out.println( command );
                output = this.executeCommand( command );

                command = "/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin/ReportGenerator -template \"DeveloperWorkbook.xml\" -format \"pdf\" -f " + System.getProperty( "user.dir" ) + "/pdf/" + details.projectname + ".pdf" + " -source " + System.getProperty( "user.dir" ) + "/fpr/" + details.projectname + ".fpr";
                System.out.println( command );
                output = this.executeCommand( command );
            } catch ( Exception details ) {
                // empty catch block
                System.out.println( "Error while executing fortify command for " + project );
            }
        }
    }



    private String executeCommand( String command ) {
        StringBuffer output = new StringBuffer();
        try {
            Process p = Runtime.getRuntime().exec( command );
            p.waitFor();
            BufferedReader reader = new BufferedReader( new InputStreamReader( p.getInputStream() ) );
            String line = "";
            while ( (line = reader.readLine()) != null ) {
                output.append( String.valueOf( line ) + "\n" );
            }
        } catch ( Exception e ) {
            e.printStackTrace();
        }
        return output.toString();

    }
}

class Details {
    String projectname;
    String owner;

    public Details( String projectname, String owner ) {
        this.projectname = projectname;
        this.owner = owner;
    }
}
  1. It works for some of the other commands I tried, so, my executeCommand method is working.
  2. Also, I did check the permission of the executable I am executing, and have bumped it up to chmod 777, so as to negate that being the cause of the error (EDIT: ignore the word error, I meant to say, to negate that being the cause of the files not getting generated).

-rwxrwxrwx 1 username admin 51428 Mar 17 2015 sourceanalyzer

  3. Also, I have tried running simple scripts from within the folder where the sourceanalyzer executable is, and that's working as well.
  4. I have tried running these commands from the command-line, outside of Java, and it works as expected.
tubby
  • 1
    And, "having trouble" means? – OldProgrammer Nov 20 '16 at 04:05
  • 1
    "[...] so as to negate that being the cause of **the error**." -- what error? Include the details of your problem in your question please. – Erwin Bolwidt Nov 20 '16 at 04:10
  • @OldProgrammer, it is not executing and generating the files (pdf), as it is supposed to, when I run the same commands from the terminal. – tubby Nov 20 '16 at 04:13
  • @ErwinBolwidt, sorry for mentioning "error", I don't get any error, just that the files (pdf) are not generated as expected. I am able to generate the files though through the terminal, and also when I print out the system commands generated by the program above, and paste them to a terminal, which means the commands are also correct. Just that when I run the Java program, the files do not get created as expected. – tubby Nov 20 '16 at 04:17

1 Answer

I see that you are trying to use shell argument quoting in your command strings. That does not work in Java, and I suspect it is the root cause of the behavior that you are seeing.

Instead, you should manually split the arguments and pass them as a String[]. For example:

 String BIN = "/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_4.30/bin/";
 String command[] = new String[] {
    BIN + "sourceanalyzer",
    "-64",
    "-b",
    details.projectname,   //  This can contain spaces!!
    "-clean"};
 output = this.executeCommand(command);

 ...

 private String executeCommand(String[] command) {
     ...
     Process p = Runtime.getRuntime().exec( command );
     ...
 }

(Even if this is not the cause of your problem, you should fix it. Your current approach will lead to arguments with literal quotes being passed to the child process. If some of the arguments that you are attempting to quote contain spaces, things will be even worse.)


If the above is not the problem, another possibility is that you are running on Linux with SELinux in "enforcing" mode, and that is blocking execution of commands ...

Graham
Stephen C
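
An added example (not code from the question or the answer) of what the answer describes: `Runtime.exec(String)` tokenizes on whitespace with a `StringTokenizer`, so embedded quotes reach the child process literally, while an argument list passes each value intact. It assumes a POSIX `printf` on the PATH to echo each argument the child receives; the class name, helper names and the project name containing spaces are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;

public class ExecArgvDemo {
    // Runtime.exec(String) splits the command with a plain StringTokenizer:
    // whitespace is the only delimiter and quote characters are ordinary text.
    static List<String> tokenizeLikeRuntimeExec(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) argv.add(st.nextToken());
        return argv;
    }

    // Run an argument vector. stderr is merged into stdout and drained BEFORE
    // waitFor(), and a non-zero exit status is raised instead of being dropped.
    static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        StringBuilder out = new StringBuilder();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) out.append(line).append('\n');
        }
        int exit = p.waitFor();
        if (exit != 0) throw new IOException("exit " + exit + " from " + argv + "\n" + out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String project = "bi dashboard test"; // constructed build ID with spaces
        // Built the way the question builds it: shell-style quotes inside one string.
        String quoted = "printf [%s]\\n -b \"" + project + "\" -clean";
        System.out.print("one string:\n" + run(tokenizeLikeRuntimeExec(quoted)));
        // Built the way the answer recommends: one list element per argument.
        List<String> argv = Arrays.asList("printf", "[%s]\\n", "-b", project, "-clean");
        System.out.print("argument list:\n" + run(argv));
    }
}
```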