Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
5.5, 6.0
-
None
-
None
Description
The SolrCLI and the corresponding test use CommandLine.parse() of commons-exec, but in most cases the parameters are not correctly escaped.
CommandLine.parse() should be placed on forbidden-apis list. This is not a valid way to build a command line and execute it. The correct war is to create an instance of the CommandLine class and then add the arguments one-by one:
org.apache.commons.exec.CommandLine startCmd = new org.apache.commons.exec.CommandLine(callScript); startCmd.addArguments(new String[] { "start", cloudModeArg, "-p", Integer.toString(port), "-s", solrHome, hostArg, zkHostArg, memArg, extraArgs, addlOptsArg });
I tried to fix it by using the approach, but the test then fails with other bugs on Windows. I disabled it for now if it detects whitespace in Solr's path. I think the reason might be that some of the above args are empty or are multi-args on itsself, so they get wrongly escaped.
I have no idea how to fix it, but the current way fails completely on Windows, where most users have a whitespace in their home directory or in the "C:\Program Files" folder.