my dog learned polymorphism*
The moose likes JSP and the fly likes Pass input to a shell script Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Pass input to a shell script" Watch "Pass input to a shell script" New topic
Author

Pass input to a shell script

Girish Singh
Greenhorn

Joined: Jun 13, 2013
Posts: 4
Hello,
I am completely new to jsp, but I was looking at this option as it seems to address my needs.

Basically, I am looking to have a jsp url hhtp://<webserver:8080>/index.jsp which would have a input variable box. The input to this should be passed as input to a shell script.

Appreciate your help!!
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1059
    
  10

Girish Singh wrote:

Basically, I am looking to have a jsp url hhtp://<webserver:8080>/index.jsp which would have a input variable box. The input to this should be passed as input to a shell script.!


A really really bad idea. One should never give a user the opportunity to execute arbitrary, possibly malicious, code on your server.

What problem are you trying to solve?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61230
    
  66

Agree. Do you really want to give the user the ability to erase your hard disk?

Even so, this would not be the type of thing you would do from a JSP, but rather in a servlet that the JSP would submit to. But really, you do not want to open up this type of security hole.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Girish Singh
Greenhorn

Joined: Jun 13, 2013
Posts: 4
The shell script that i have explicitly does a certain function (which is not harmful).

All it needs is a input variable for the script.. and it is in the intranet and secure.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61230
    
  66

I still think it opens up high risk of script injection attacks.

But, in any case, and as I said, this is not something that you would do in a JSP, but rather a servlet (or Java class delegated by the servlet).
Girish Singh
Greenhorn

Joined: Jun 13, 2013
Posts: 4
can you direct me to a url or something which would give me a sample for using servlet for this.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61230
    
  66

There's nothing servlet-specific about it. You'd use the normal Java means to run a process. See the Java in General forum for previous discussions of doing so.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1059
    
  10

Girish Singh wrote:The shell script that i have explicitly does a certain function (which is not harmful).

All it needs is a input variable for the script.. and it is in the intranet and secure.


I would be interested to know what sort of input variable the script needs. Since it is being executed on the server it must relate to the server and must therefore have a very limited domain. Cannot you present the user with a list of possible values and get your user to select one. Your server can then check that the value provided is actually one from the list.

P.S. there are malicious people on an Intranet as well as on the Internet!
Girish Singh
Greenhorn

Joined: Jun 13, 2013
Posts: 4
I can give a drop down list as well, but that would be dynamic config that needs to be read from a file.
 
Don't get me started about those stupid light bulbs.
 
subject: Pass input to a shell script