We have an internal and external facing asp.net mvc app running under mono on ubuntu 10.04 LTS. There is also a complicated (native, not mono) command line app that users use on the same server. They log on via ssh to do this. We have the security for the ssh users pretty locked down, so they can't do very much other than run the command line app.
The users of these apps have to:
login via ssh to the server, run the command line app with whatever command line switches are required which then does some long running processing and puts a report in the db of the web app.
Login to the web app, then set some options for publishing a report via the web app.
The users of the apps want to skip step 1 and do it all in the web app. I am thinking of creating a service that regulary polls the db for command line app jobs to run. The jobs would be created by the users as desired in the web app.
The problem is, the users want a box in the web app where they can just fill in any command line options. But I don't want them to do something like this:
-a dothis -b dothis & rm importantfile.txt
...in case the user's credentials to the web app are somehow compromised. I want to make sure that only that command line app can be used and nothing else. I am thinking of preventing the characters ! | < > & / \ $ ( ) from being allowed, which looks like are not required by the command line app.
Is that good enough? Are there any other shell tricks I should know about? Should I take a different approach?
I really don't want to have to write some sort of parser for the arguments that the users supply, because there are a ton of them that the users like to use.
Instead of running the command line as a shell command (launching the shell to launch the program), can you launch the program itself as a new process? I believe that's what the answer here is doing: Execute a command line utility in ASP.NET . If the actual program is launched as a process, rather than a shell, then things like & or rm will just be arguments to the command line utility, which should be fine if the command line utility checks for bad inputs.
If that's not feasible (although it's probably the better option), replacing all single quotes with single quote escape sequences, then placing single quotes around each of the arguments (split the string with a space as the delimeter), could provide a similar effect. Instead of making sure you avoid all possible bad characters (; can be used similarly to & in many shells), you only need to make sure that the provided arguments can't escape out of the single quotes. (You might also want to check for single quote surrounded arguments beforehand, to avoid double quoting them, and don't cound escaped spaces when splitting up arguments, etc., so that the users can provide arguments that need spaces).
Related
We have an PowerShell automation script that uses certutil.exe to list CA, issued certificates, etc... on a given Windows Server.
We wrapped some functions around a system Invoke of certutil.exe and we are grepping its output to look for some given patterns. However, in a French/German (and others for sure) installed Windows server, our script does not work at all, because certutil is returning localized outputs and it's impossible to predict that, and impossible to support all the languages of the world. Is there any way to force certutil.exe to print its output in English instead of the current machine language ?
I know that in Linux environment, we can do that:
LANG=en_EN.UTF-8 ls /tmp/toto
It will force ls to answer in English
Thanks for your help
I have a rails app and I would like to display the log in the app itself. This will allow administrators to see what changes were recently made without entering the console and using the file with the logs. All logs will be displayed in the application administration. How is it possible to implement and what kind of gems do I need to use?
You don't need a Gem.
Add a controller, read the logfiles and render the output in HTML.
Probably need to limit the number of lines you read. Also there might be different log files to chose from.
I don't think this is a good idea though. Log files are for finding errors and you should not need them in your day to day work, unless you manage ther server.
Also they might contain sensitive data (CC Numbers, Pwds, ...) and it might get complicated when you use multiple servers with local disks.
Probably better to look at dedicated tools for this and handle logs outside of your application.
Assuming that you have git associated with your application or git bash installed in your system.
For displaying log information for the development mode, migrate to your application folder in your console/terminal and type tail -f log/development.log
I am trying to get rails to select document attachments, then kick off the email client with the documents attached.
I have it working on my development laptop. If I build a string with the appropriate parameters and pass that to system() then it kicks off the email client with the attachments..
The string looks something like
#email_content = "C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe"
"Mailto:?Attach=C:\Users\cm\RubymineProjects\technical_library\public\images\1\8302_printed.pdf
The first part calls the notes exe and the second part starts and email with the attachments. That worked fine on my laptop.
However, when I moved it to the server, it isn't kicking off the email client. I believe that it is because the shell commands are trying to execute on the server, not on the client.
Is it possible to run a shell command on the client machine? I am trying to get this working with Windows first and then the Mac environmemnt. I tried changing the C:\ to the machine name. i.e. \chrislaptop\Program Files (x86)\IBM\Lotus\Notes\notes.exe. but that didn't work.
No, fortunately that is not possible.
Imagine what happens when a request to some random page on the internet could trigger shell scripts on your local computer...
Arbitrary code execution escaping the browser is too invasive-- your app should not have access to the client's machine.
However, some applications may support URIs that open specific applications outside the browser. You generally see this more on mobile devices, but Spotify for example supports links that look like: spotify:artist:5lsC3H1vh9YSRQckyGv0Up which asks the user whether it is ok to open the Spotify application.
https://news.spotify.com/us/2008/01/14/linking-to-spotify/
I would like to analyze all the posts created by users of my Rails App, which is hosted on Heroku. In the console, I created a variable that contains every word ever posted on the site, which accounts for hundreds of thousands of words. I'd like to export these words from the console to do analysis elsewhere.
I've read from this post that using Tee enables you to get a copy of the output of your console:
How to export a Ruby Array from my Heroku console into CSV?
The problem is that if I try to print all the words, the console always shows '--More--', at which point I press the enter key to reveal more of the text. As you can imagine, for hundreds of thousands of words, it would be impractical for me to keep pressing enter to reveal the entirety of the text. How can I bypass this?
heroku run console | tee output.txt
If you're using tee-trick above, you can just type q to exit your terminal pager program (I assume it's more) since tee writes simultaneously into the standard out (that's why you're seeing all the output and more automatically starts to page it) and to the file you gave it on the argument (output.txt in the case above).
Since you don't need/want to view all the output, just quit more and do what you want with the file.
Have you tried a plain old unix shell redirect?
heroku run console > output.txt
Probably is is better to write a rake task to output your data, so that is not mixed with other things that happen in the console. When you just use stdout (for example puts), then something like this should work:
heroku rake db:postexport > output.txt
How can you instruct an application or the printer to only print the first page, a page range or just odd or even pages of a file? I attempt this with the help of the Preview app, which looks promising:
set theFile to "[file-path/file]""
tell application "Preview"
activate
print theFile with properties {target printer:"Printer", ending page:1} without «class pdlg»
--these properties isn't available for the printer app, here just limiting amount of printed pages
quit
end tell
But with this I'm bitten by the sandboxd process that tells me the file can't be opened for printing and I get a deny file-read-data result in the log.
In the CUPS suggestion by adamh I encounter issues with umlauts and have other execution issues as well, possibly also because of sandbox rules. The code works from the command line, but not when called in automated fashion.
I tried to look up useful examples of the print command in a reference, in my books and tried searching the online Apple references, but I can't seem to find many examples fitting to the present day situation with sandbox, if any.
You could script printing by command line tool lp & lpr.
These talk to CUPS, Common Unix Printing System
To target pages / ranges:
lp -o page-ranges=2-4 "my_great_document.pdf"
To call it from applescript use do shell script
e.g,
do shell script "lp -o page-ranges=2-4 'my_great_document.pdf'"
For more ideas see: http://www.cups.org/documentation.php/options.html