Replace Runtime.exec with ProcessBuilder to prevent shell metacharacter expansion

[Copilot]

Shell implementations (CmdShell, BourneShell, CommandShell) cannot escape metacharacters like *, ?, [] in arguments. Passing a password S8p3r*S3cr3t causes the shell to expand the asterisk, making it impossible to pass literal wildcards.

Changes

Core execution path

• Modified Commandline.execute() to use ProcessBuilder instead of Runtime.getRuntime().exec()
• Changed from shell-wrapped command line to direct execution via getRawCommandline()
• Environment variables now set via ProcessBuilder.environment() map
• Working directory set via ProcessBuilder.directory()

Test coverage

• Added tests verifying asterisk and question mark arguments are preserved literally

Impact

Commands execute directly without shell interpretation. Shell features (pipes, redirects, glob expansion) no longer work through this API.

// Before: asterisk expanded by shell
Commandline cmd = new Commandline();
cmd.setExecutable("echo");
cmd.createArg().setValue("S8p3r*S3cr3t");  // Would list matching files

// After: asterisk preserved literally
cmd.execute();  // Outputs: S8p3r*S3cr3t

Fixes SCM-763.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>CmdShell does not escape asterisk arg value (SCM-763)</issue_title>
<issue_description>This was found during SCM-763.

Consider your want to pass a password (on Windows) with asterisk: S8p3r*S3cr3t. The escaped outcome is S8p3r*S3cr3t. No change, but to pass an asterisk you need to quote the entire string otherwise the shell will expand the asterisk. Correct value would be: "S8p3r*S3cr3t"

Currently, this is impossible in Plexus Utils.</issue_description>

Comments on the Issue (you are @copilot in this section)

@michael-o Yes, it is. The entire process execution suffers from one serious flaw that it executes a local shell rather than providing it to the system directory. The shell will do its own replacement which hasn't been espaced by this implementation. @slachiewicz Is it worth keeping the issue open? Any idea how this should be fixed? @michael-o > Is it worth keeping the issue open? Any idea how this should be fixed?

Yes, because the shell invocation needs to be dropped altogether.</comment_new>
<comment_new>@slachiewicz
Should be fixed here or deprecated here CmdShell and fix it properly on SCM?</comment_new>
<comment_new>@michael-o

Should be fixed here or deprecated here CmdShell and fix it properly on SCM?

Completely here replace all shell impls with ProcessBuilder </comment_new>

• Fixes CmdShell does not escape asterisk arg value (SCM-763) #37

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.