Hi Java experts,
It’s quite easy to badly use
- processes may block if streams are not correctly processed
- stderr stream of the child process may be ignored. That occurred recently in the SonarCloud Autoscan feature.
A great detailed description is available at https://wiki.sei.cmu.edu/confluence/display/java/FIO07-J.+Do+not+let+external+processes+block+on+IO+buffers.
That deserves a new rule to detect the bad consumption of process streams. For example:
- Process#getInputStream() should be called once before waitFor(). That does not ensure that the stream is correctly consumed and false-negatives are still possible, but it’s already a valuable indicator.
- stderr is lost if Process#getErrorStream() is not “gobbled”. If this method is not called before waitFor(), then the solution is to call
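
An added example, not part of the original post: the consumption pattern such a rule would look for, with stdout and stderr each drained on their own thread before waitFor() is called. The class name, the drain helper and the child command (java -version, taken from the running JVM's java.home) are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class DrainBeforeWaitFor {

    // Reads one stream to EOF. While this runs, the child can never stall
    // on a full pipe buffer for that stream.
    static String drain(InputStream in) throws IOException {
        try (in) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed child process: "java -version" prints its banner to stderr,
        // so code that only reads getInputStream() would see nothing at all.
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();

        // One thread per stream: reading them one after the other on a single
        // thread can still deadlock when the unread stream's buffer fills up.
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Process p = new ProcessBuilder(java, "-version").start();
            p.getOutputStream().close(); // child sees EOF on stdin, never waits for input

            Future<String> out = pool.submit(() -> drain(p.getInputStream()));
            Future<String> err = pool.submit(() -> drain(p.getErrorStream()));

            // Only now is it safe to wait: both streams are being consumed.
            int exit = p.waitFor();

            System.out.println("exit code: " + exit);
            System.out.println("stdout chars: " + out.get().length());
            System.out.println("stderr:\n" + err.get());
        } finally {
            pool.shutdown();
        }
    }
}
```

When the two streams do not need to be told apart, ProcessBuilder#redirectErrorStream(true) merges stderr into stdout so that a single reader is enough.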