所以我的代碼看起來像這樣,我有一個定義如下的函式:
func shellOut(command string) (string, string, error) {
var stdout bytes.Buffer
var stderr bytes.Buffer
cmd := exec.Command("bash", "-c", command)
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
一段時間后,我正在這樣做。
t := "yoooooooooooo\"oo)(';#oooooooooooo"
out, stderr, err := shellOut("echo \"" t "\" | ./doOperation.sh")
if err != nil {
log.Printf("final error: %v\nstderr: %s", err, stderr)
}
fmt.Println(out)
但我收到一個如下所示的錯誤:
2021/10/14 22:54:18 final error: exit status 1
stderr: bash: -c: line 838: syntax error near unexpected token `('
bash: -c: line 838: ` return "Symbol(" String(void 0 === t ? "" : t) ")_" ( n r).toString(36)'
當我給像“yooooo”這樣的變數 ta 值時,它會被很好地執行,那么我如何將帶有任何奇怪字符的變數傳遞給 echo 呢?有沒有辦法在通過它之前逃脫所有壞角色?
uj5u.com熱心網友回復:
純粹出于學術目的,我發布了這個函式,因為我不得不做類似的事情:
var bashReplacer = strings.NewReplacer(
`)`, `\)`, // using back-ticks to keep our sanity
`(`, `\(`,
`'`, `\'`,
`"`, `\"`,
`$`, `\$`, // include if you don't want variable substitutions
"`", "\\`", // can't use back-ticks to include a back-tick, so back to double-quotes
)
func bashEscape(s string) string { return bashReplacer.Replace(s) }
https://play.golang.org/p/uNfI_2MyjcI
但是,正如我在評論中提到的,您可以通過直接運行目標腳本來避免 shell 轉義的所有痛苦,并UTF-8像這樣輸入您的字串:
func execWithStdin(command, stdinText string) (string, string, error) {
var (
stdout bytes.Buffer
stderr bytes.Buffer
)
cmd := exec.Command(command)
cmd.Stdin = strings.NewReader(stdinText) // pass in our data via Stdin
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
使用:
t := `yoooooooooooo"oo)(';#oooooooooooo`
t = "`" // add a back-tick to make things interesting
// no shell escaping necessary:
out, stderr, err := execWithStdin("./doOperation.sh", t)
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/324008.html
上一篇:如何在子字串列上進行grep