From f1ebc33b8826802657b3043663a01b5eb4937517 Mon Sep 17 00:00:00 2001
From: Alexander Alten <aloalt@apache.org>
Date: Thu, 17 Aug 2023 11:44:31 +0200
Subject: [PATCH] Update Grep.java

split the command and its arguments into separate strings, ensuring that the output variable is passed as a single argument to the rm command, regardless of its content. Avoids arbitrary command execution.
---
 .../code/main/java/org/apache/wayang/apps/grep/Grep.java    | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java b/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java
index fe59312ec..9ece8ab8c 100644
--- a/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java
+++ b/wayang-benchmark/code/main/java/org/apache/wayang/apps/grep/Grep.java
@@ -104,10 +104,8 @@ public static void main(String... args) throws Exception {
     String input = args[2]+"/python/src/pywy/tests/resources/10e"+size+"MB.input";
     String output = args[2]+"/lala.out";
 
-    String command = "rm -r "+output;
-    Runtime rt = Runtime.getRuntime();
-    Process process = rt.exec(new String[] {
-                    (command)});
+    String[] command = {"rm", "-r", output};
+    Process process = Runtime.getRuntime().exec(command);
 
     long pre = System.currentTimeMillis();
     switch (platform){