[Bro-Dev] Hui Lin_can I directly call linux shell script within event handler

Seth Hall seth at icir.org
Mon Nov 28 05:12:43 PST 2011

On Nov 27, 2011, at 11:42 PM, Matthias Vallentin wrote:

> It is good idea to call
>   str_shell_escape(source: string): string
> on the argument to system.

That function is actually much less necessary now that we have the piped_exec function.  str_shell_escape is only supposed to be used for data being put between double quotes so that the input doesn't escape from the double quoting.  

This is obviously super dangerous:
	system(fmt("rm \"%s\"", sniffed_data)); 
This is better:
	system(fmt("rm \"%s\"", str_shell_escape(sniffed_data))); 

If you need to supply something on STDIN to the program you are executing, you should use the piped_exec function.  You can provide the data supplied on STDIN as an argument to the function.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list