Home > Blockchain >  How to pass a golang variables( can contain any character) to echo binary in linux?
How to pass a golang variables( can contain any character) to echo binary in linux?

Time:10-18

so my code looks like this , i have a function defined as the following :

func shellOut(command string) (string, string, error) {
    var stdout bytes.Buffer
    var stderr bytes.Buffer
    cmd := exec.Command("bash", "-c", command)
    cmd.Stdout = &stdout
    cmd.Stderr = &stderr
    err := cmd.Run()
    return stdout.String(), stderr.String(), err
}

and a while later i am doing this.

  t := "yoooooooooooo\"oo)(';#oooooooooooo"
    out, stderr, err := shellOut("echo \""   t   "\"  | ./doOperation.sh")
    if err != nil {
        log.Printf("final error: %v\nstderr: %s", err, stderr)
    }   
    fmt.Println(out)

but i am getting an error that looks like this:

2021/10/14 22:54:18 final error: exit status 1
stderr: bash: -c: line 838: syntax error near unexpected token `('
bash: -c: line 838: `                return "Symbol("   String(void 0 === t ? "" : t)   ")_"   (  n   r).toString(36)'

and when i give the variable t a value like "yooooo" its gets executed nicely, so how can i pass a variable with any weird character into echo? is there a way to escape all bad character before passing it?

CodePudding user response:

For purely academic purposes, I'm posting this function, as I had to do something similar a while back:

var bashReplacer = strings.NewReplacer(
    `)`, `\)`, // using back-ticks to keep our sanity
    `(`, `\(`,
    `'`, `\'`,
    `"`, `\"`,
    `$`, `\$`, // include if you don't want variable substitutions
    "`", "\\`", // can't use back-ticks to include a back-tick, so back to double-quotes
)

func bashEscape(s string) string { return bashReplacer.Replace(s) }

https://play.golang.org/p/uNfI_2MyjcI

However, as I mentioned in the comments, you can avoid all the pain of shell escaping by just running the target script directly, and feed in your UTF-8 string unaltered like so:

func execWithStdin(command, stdinText string) (string, string, error) {
    var (
        stdout bytes.Buffer
        stderr bytes.Buffer
    )

    cmd := exec.Command(command)
    cmd.Stdin = strings.NewReader(stdinText) // pass in our data via Stdin
    cmd.Stdout = &stdout
    cmd.Stderr = &stderr
    err := cmd.Run()
    return stdout.String(), stderr.String(), err
}

to use:

t := `yoooooooooooo"oo)(';#oooooooooooo`
t  = "`" // add a back-tick to make things interesting

// no shell escaping necessary:

out, stderr, err := execWithStdin("./doOperation.sh", t)
  • Related