所以我的代码看起来像这样,我有一个函数定义如下:
func shellOut(command string) (string, string, error) {
var stdout bytes.Buffer
var stderr bytes.Buffer
cmd := exec.Command("bash", "-c", command)
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
过了一会儿,我在做这件事。
t := "yoooooooooooo"oo)(';#oooooooooooo"
out, stderr, err := shellOut("echo "" + t + "" | ./doOperation.sh")
if err != nil {
log.Printf("final error: %vnstderr: %s", err, stderr)
}
fmt.Println(out)
但是我得到一个错误,看起来像这样:
2021/10/14 22:54:18 final error: exit status 1
stderr: bash: -c: line 838: syntax error near unexpected token `('
bash: -c: line 838: ` return "Symbol(" + String(void 0 === t ? "" : t) + ")_" + (++n + r).toString(36)'
,当我给变量t赋值为" yoooooo"它执行得很好,那么我如何将带有奇怪字符的变量传递给echo呢?有没有一种方法可以在通过之前逃避所有的坏字符?
出于纯粹的学术目的,我发布了这个函数,因为我之前不得不做类似的事情:
var bashReplacer = strings.NewReplacer(
`)`, `)`, // using back-ticks to keep our sanity
`(`, `(`,
`'`, `'`,
`"`, `"`,
`$`, `$`, // include if you don't want variable substitutions
"`", "\`", // can't use back-ticks to include a back-tick, so back to double-quotes
)
func bashEscape(s string) string { return bashReplacer.Replace(s) }
https://play.golang.org/p/uNfI_2MyjcI
然而,正如我在评论中提到的,您可以通过直接运行目标脚本来避免所有shell转义的痛苦,并像这样不加更改地输入您的UTF-8字符串:
func execWithStdin(command, stdinText string) (string, string, error) {
var (
stdout bytes.Buffer
stderr bytes.Buffer
)
cmd := exec.Command(command)
cmd.Stdin = strings.NewReader(stdinText) // pass in our data via Stdin
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
使用:
t := `yoooooooooooo"oo)(';#oooooooooooo`
t += "`" // add a back-tick to make things interesting
// no shell escaping necessary:
out, stderr, err := execWithStdin("./doOperation.sh", t)