英文:
How to pass a golang variables( can contain any character) to echo binary in linux?
问题
我的代码看起来像这样,我定义了一个函数如下:
func shellOut(command string) (string, string, error) {
var stdout bytes.Buffer
var stderr bytes.Buffer
cmd := exec.Command("bash", "-c", command)
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
然后稍后我这样做。
t := "yoooooooooooo\"oo)(';#oooooooooooo"
out, stderr, err := shellOut("echo \"" + t + "\" | ./doOperation.sh")
if err != nil {
log.Printf("final error: %v\nstderr: %s", err, stderr)
}
fmt.Println(out)
但是我得到了以下错误:
2021/10/14 22:54:18 final error: exit status 1
stderr: bash: -c: line 838: syntax error near unexpected token `('
bash: -c: line 838: ` return "Symbol(" + String(void 0 === t ? "" : t) + ")_" + (++n + r).toString(36)';
当我给变量t赋一个值,比如"yooooo"时,它可以正常执行。那么我如何传递一个带有任何奇怪字符的变量到echo命令中?有没有一种方法在传递之前转义所有不良字符?
英文:
so my code looks like this , i have a function defined as the following :
func shellOut(command string) (string, string, error) {
var stdout bytes.Buffer
var stderr bytes.Buffer
cmd := exec.Command("bash", "-c", command)
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
and a while later i am doing this.
t := "yoooooooooooo\"oo)(';#oooooooooooo"
out, stderr, err := shellOut("echo \"" + t + "\" | ./doOperation.sh")
if err != nil {
log.Printf("final error: %v\nstderr: %s", err, stderr)
}
fmt.Println(out)
but i am getting an error that looks like this:
2021/10/14 22:54:18 final error: exit status 1
stderr: bash: -c: line 838: syntax error near unexpected token `('
bash: -c: line 838: ` return "Symbol(" + String(void 0 === t ? "" : t) + ")_" + (++n + r).toString(36)'
and when i give the variable t a value like "yooooo" its gets executed nicely, so how can i pass a variable with any weird character into echo? is there a way to escape all bad character before passing it?
答案1
得分: 1
纯粹出于学术目的,我发布了这个函数,因为我之前不久也做过类似的事情:
var bashReplacer = strings.NewReplacer(
`)`, `\)`,
`(`, `\(`,
`'`, `\'`,
`"`, `\"`,
`$`, `$`,
"`", "\\`",
)
func bashEscape(s string) string { return bashReplacer.Replace(s) }
然而,正如我在评论中提到的,你可以通过直接运行目标脚本并将UTF-8字符串原样传入来避免所有的shell转义痛苦,方法如下:
func execWithStdin(command, stdinText string) (string, string, error) {
var (
stdout bytes.Buffer
stderr bytes.Buffer
)
cmd := exec.Command(command)
cmd.Stdin = strings.NewReader(stdinText) // 通过Stdin传入数据
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
使用方法:
t := `yoooooooooooo"oo)(';#oooooooooooo`
t += "`" // 添加一个反引号以增加趣味性
// 无需进行shell转义:
out, stderr, err := execWithStdin("./doOperation.sh", t)
以上是要翻译的内容。
英文:
For purely academic purposes, I'm posting this function, as I had to do something similar a while back:
var bashReplacer = strings.NewReplacer(
`)`, `\)`, // using back-ticks to keep our sanity
`(`, `\(`,
`'`, `\'`,
`"`, `\"`,
`$`, `$`, // include if you don't want variable substitutions
"`", "\\`", // can't use back-ticks to include a back-tick, so back to double-quotes
)
func bashEscape(s string) string { return bashReplacer.Replace(s) }
https://play.golang.org/p/uNfI_2MyjcI
However, as I mentioned in the comments, you can avoid all the pain of shell escaping by just running the target script directly, and feed in your UTF-8 string unaltered like so:
func execWithStdin(command, stdinText string) (string, string, error) {
var (
stdout bytes.Buffer
stderr bytes.Buffer
)
cmd := exec.Command(command)
cmd.Stdin = strings.NewReader(stdinText) // pass in our data via Stdin
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
to use:
t := `yoooooooooooo"oo)(';#oooooooooooo`
t += "`" // add a back-tick to make things interesting
// no shell escaping necessary:
out, stderr, err := execWithStdin("./doOperation.sh", t)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论