Why should avoid using Runtime.exec() in java?

Question

   Process p = Runtime.getRuntime().exec(command);
   is = p.getInputStream();
   byte[] userbytes = new byte[1024];
   is.read(userbytes);

I want to execute a shell command in linux os from java . But pmd reports says don't use java Runtime.exec(). Why? What is the reason ? Is there any alternative for Runtime.exec()?

Problem description: Do not use Runtime.exec() to execute commands — kannanrbk
– kannanrbk, Commented May 23, 2012 at 15:41
What is the reason to avoid executing Runtime.exec() method ? . Is this any injection is possible? — kannanrbk
– kannanrbk, Commented May 23, 2012 at 15:43

Julien Kronegg · Accepted Answer · 2016-09-12 20:06:45Z

Unless you're stuck on an ancient JVM, java.lang.ProcessBuilder makes it much easier to specify a process, set up its environment, spawn it, and handle its file descriptors.

This class is used to create operating system processes.

Each ProcessBuilder instance manages a collection of process attributes. The start() method creates a new Process instance with those attributes. The start() method can be invoked repeatedly from the same instance to create new subprocesses with identical or related attributes.

...

Starting a new process which uses the default working directory and environment is easy:
 Process p = new ProcessBuilder("myCommand", "myArg").start();
Here is an example that starts a process with a modified working directory and environment:
 ProcessBuilder pb = new ProcessBuilder("myCommand", "myArg1", "myArg2");
 Map<String, String> env = pb.environment();
 env.put("VAR1", "myValue");
 env.remove("OTHERVAR");
 env.put("VAR2", env.get("VAR1") + "suffix");
 pb.directory(new File("myDir"));
 Process p = pb.start();

Collectives™ on Stack Overflow

Why should avoid using Runtime.exec() in java?

1 Answer 1

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related