[Bro-Dev] Hui Lin_can I directly call linux shell script within event handler
Seth Hall
seth at icir.org
Mon Nov 28 05:12:43 PST 2011
On Nov 27, 2011, at 11:42 PM, Matthias Vallentin wrote:
> It is good idea to call
>
> str_shell_escape(source: string): string
>
> on the argument to system.
That function is actually much less necessary now that we have the piped_exec function. str_shell_escape is only supposed to be used for data being put between double quotes so that the input doesn't escape from the double quoting.
This is obviously super dangerous:
system(fmt("rm \"%s\"", sniffed_data));
This is better:
system(fmt("rm \"%s\"", str_shell_escape(sniffed_data)));
If you need to supply something on STDIN to the program you are executing, you should use the piped_exec function. You can provide the data supplied on STDIN as an argument to the function.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list